@1sat/connect 0.0.14 → 0.0.15

package/dist/index.js

@@ -259,7 +259,7 @@ __export(exports_buffer, {
   default: () => buffer_default,
   constants: () => constants,
   btoa: () => btoa2,
-  atob: () => atob,
+  atob: () => atob2,
   INSPECT_MAX_BYTES: () => INSPECT_MAX_BYTES,
   File: () => File,
   Buffer: () => Buffer2,
@@ -932,7 +932,7 @@ function notimpl(name) {
     throw Error(name + " is not implemented for node:buffer browser polyfill");
   };
 }
-var lookup, revLookup, code = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", i, len, customInspectSymbol, INSPECT_MAX_BYTES = 50, kMaxLength = 2147483647, kStringMaxLength = 536870888, btoa2, atob, File, Blob2, constants, ERR_BUFFER_OUT_OF_BOUNDS, ERR_INVALID_ARG_TYPE, ERR_OUT_OF_RANGE, MAX_ARGUMENTS_LENGTH = 4096, INVALID_BASE64_RE, hexSliceLookupTable, resolveObjectURL, isUtf8, isAscii = (str) => {
+var lookup, revLookup, code = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", i, len, customInspectSymbol, INSPECT_MAX_BYTES = 50, kMaxLength = 2147483647, kStringMaxLength = 536870888, btoa2, atob2, File, Blob2, constants, ERR_BUFFER_OUT_OF_BOUNDS, ERR_INVALID_ARG_TYPE, ERR_OUT_OF_RANGE, MAX_ARGUMENTS_LENGTH = 4096, INVALID_BASE64_RE, hexSliceLookupTable, resolveObjectURL, isUtf8, isAscii = (str) => {
   for (let char of str)
     if (char.charCodeAt(0) > 127)
       return false;
@@ -947,7 +947,7 @@ var init_buffer = __esm(() => {
   revLookup[95] = 63;
   customInspectSymbol = typeof Symbol === "function" && typeof Symbol.for === "function" ? Symbol.for("nodejs.util.inspect.custom") : null;
   btoa2 = globalThis.btoa;
-  atob = globalThis.atob;
+  atob2 = globalThis.atob;
   File = globalThis.File;
   Blob2 = globalThis.Blob;
   constants = { MAX_LENGTH: kMaxLength, MAX_STRING_LENGTH: kStringMaxLength };
@@ -114948,90 +114948,3699 @@ class GlobalKVStore5 {
     return await this.topicBroadcaster.broadcast(transaction5);
   }
 }
-// src/sigma-oauth.ts
-var SIGMA_URL = "https://auth.sigmaidentity.com";
-var SIGMA_AUTHORIZE_PATH = "/oauth2/authorize";
-var STORAGE_PREFIX = "sigma_oauth_";
-var STATE_KEY = `${STORAGE_PREFIX}state`;
-var VERIFIER_KEY = `${STORAGE_PREFIX}verifier`;
-function randomBytes(length) {
-  const buf = new Uint8Array(length);
-  crypto.getRandomValues(buf);
-  return buf;
+// ../../node_modules/@better-auth/core/dist/utils/error-codes.mjs
+function defineErrorCodes(codes) {
+  return Object.fromEntries(Object.entries(codes).map(([key, value]) => [key, {
+    code: key,
+    message: value,
+    toString: () => key
+  }]));
+}
+
+// ../../node_modules/better-auth/dist/plugins/admin/error-codes.mjs
+var ADMIN_ERROR_CODES = defineErrorCodes({
+  FAILED_TO_CREATE_USER: "Failed to create user",
+  USER_ALREADY_EXISTS: "User already exists.",
+  USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: "User already exists. Use another email.",
+  YOU_CANNOT_BAN_YOURSELF: "You cannot ban yourself",
+  YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE: "You are not allowed to change users role",
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS: "You are not allowed to create users",
+  YOU_ARE_NOT_ALLOWED_TO_LIST_USERS: "You are not allowed to list users",
+  YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS: "You are not allowed to list users sessions",
+  YOU_ARE_NOT_ALLOWED_TO_BAN_USERS: "You are not allowed to ban users",
+  YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS: "You are not allowed to impersonate users",
+  YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS: "You are not allowed to revoke users sessions",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS: "You are not allowed to delete users",
+  YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD: "You are not allowed to set users password",
+  BANNED_USER: "You have been banned from this application",
+  YOU_ARE_NOT_ALLOWED_TO_GET_USER: "You are not allowed to get user",
+  NO_DATA_TO_UPDATE: "No data to update",
+  YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS: "You are not allowed to update users",
+  YOU_CANNOT_REMOVE_YOURSELF: "You cannot remove yourself",
+  YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE: "You are not allowed to set a non-existent role value",
+  YOU_CANNOT_IMPERSONATE_ADMINS: "You cannot impersonate admins",
+  INVALID_ROLE_TYPE: "Invalid role type"
+});
+
+// ../../node_modules/@better-auth/core/dist/error/codes.mjs
+var BASE_ERROR_CODES = defineErrorCodes({
+  USER_NOT_FOUND: "User not found",
+  FAILED_TO_CREATE_USER: "Failed to create user",
+  FAILED_TO_CREATE_SESSION: "Failed to create session",
+  FAILED_TO_UPDATE_USER: "Failed to update user",
+  FAILED_TO_GET_SESSION: "Failed to get session",
+  INVALID_PASSWORD: "Invalid password",
+  INVALID_EMAIL: "Invalid email",
+  INVALID_EMAIL_OR_PASSWORD: "Invalid email or password",
+  INVALID_USER: "Invalid user",
+  SOCIAL_ACCOUNT_ALREADY_LINKED: "Social account already linked",
+  PROVIDER_NOT_FOUND: "Provider not found",
+  INVALID_TOKEN: "Invalid token",
+  TOKEN_EXPIRED: "Token expired",
+  ID_TOKEN_NOT_SUPPORTED: "id_token not supported",
+  FAILED_TO_GET_USER_INFO: "Failed to get user info",
+  USER_EMAIL_NOT_FOUND: "User email not found",
+  EMAIL_NOT_VERIFIED: "Email not verified",
+  PASSWORD_TOO_SHORT: "Password too short",
+  PASSWORD_TOO_LONG: "Password too long",
+  USER_ALREADY_EXISTS: "User already exists.",
+  USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL: "User already exists. Use another email.",
+  EMAIL_CAN_NOT_BE_UPDATED: "Email can not be updated",
+  CREDENTIAL_ACCOUNT_NOT_FOUND: "Credential account not found",
+  SESSION_EXPIRED: "Session expired. Re-authenticate to perform this action.",
+  FAILED_TO_UNLINK_LAST_ACCOUNT: "You can't unlink your last account",
+  ACCOUNT_NOT_FOUND: "Account not found",
+  USER_ALREADY_HAS_PASSWORD: "User already has a password. Provide that to delete the account.",
+  CROSS_SITE_NAVIGATION_LOGIN_BLOCKED: "Cross-site navigation login blocked. This request appears to be a CSRF attack.",
+  VERIFICATION_EMAIL_NOT_ENABLED: "Verification email isn't enabled",
+  EMAIL_ALREADY_VERIFIED: "Email is already verified",
+  EMAIL_MISMATCH: "Email mismatch",
+  SESSION_NOT_FRESH: "Session is not fresh",
+  LINKED_ACCOUNT_ALREADY_EXISTS: "Linked account already exists",
+  INVALID_ORIGIN: "Invalid origin",
+  INVALID_CALLBACK_URL: "Invalid callbackURL",
+  INVALID_REDIRECT_URL: "Invalid redirectURL",
+  INVALID_ERROR_CALLBACK_URL: "Invalid errorCallbackURL",
+  INVALID_NEW_USER_CALLBACK_URL: "Invalid newUserCallbackURL",
+  MISSING_OR_NULL_ORIGIN: "Missing or null Origin",
+  CALLBACK_URL_REQUIRED: "callbackURL is required",
+  FAILED_TO_CREATE_VERIFICATION: "Unable to create verification",
+  FIELD_NOT_ALLOWED: "Field not allowed to be set",
+  ASYNC_VALIDATION_NOT_SUPPORTED: "Async validation is not supported",
+  VALIDATION_ERROR: "Validation Error",
+  MISSING_FIELD: "Field is required",
+  METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED: "POST method requires deferSessionRefresh to be enabled in session config",
+  BODY_MUST_BE_AN_OBJECT: "Body must be an object",
+  PASSWORD_ALREADY_SET: "User already has a password set"
+});
+
+// ../../node_modules/better-call/dist/error.mjs
+function isErrorStackTraceLimitWritable() {
+  const desc = Object.getOwnPropertyDescriptor(Error, "stackTraceLimit");
+  if (desc === undefined)
+    return Object.isExtensible(Error);
+  return Object.prototype.hasOwnProperty.call(desc, "writable") ? desc.writable : desc.set !== undefined;
+}
+function hideInternalStackFrames(stack) {
+  const lines = stack.split(`
+    at `);
+  if (lines.length <= 1)
+    return stack;
+  lines.splice(1, 1);
+  return lines.join(`
+    at `);
+}
+function makeErrorForHideStackFrame(Base, clazz) {
+
+  class HideStackFramesError extends Base {
+    #hiddenStack;
+    constructor(...args) {
+      if (isErrorStackTraceLimitWritable()) {
+        const limit = Error.stackTraceLimit;
+        Error.stackTraceLimit = 0;
+        super(...args);
+        Error.stackTraceLimit = limit;
+      } else
+        super(...args);
+      const stack = (/* @__PURE__ */ new Error()).stack;
+      if (stack)
+        this.#hiddenStack = hideInternalStackFrames(stack.replace(/^Error/, this.name));
+    }
+    get errorStack() {
+      return this.#hiddenStack;
+    }
+  }
+  Object.defineProperty(HideStackFramesError.prototype, "constructor", {
+    get() {
+      return clazz;
+    },
+    enumerable: false,
+    configurable: true
+  });
+  return HideStackFramesError;
+}
+var statusCodes = {
+  OK: 200,
+  CREATED: 201,
+  ACCEPTED: 202,
+  NO_CONTENT: 204,
+  MULTIPLE_CHOICES: 300,
+  MOVED_PERMANENTLY: 301,
+  FOUND: 302,
+  SEE_OTHER: 303,
+  NOT_MODIFIED: 304,
+  TEMPORARY_REDIRECT: 307,
+  BAD_REQUEST: 400,
+  UNAUTHORIZED: 401,
+  PAYMENT_REQUIRED: 402,
+  FORBIDDEN: 403,
+  NOT_FOUND: 404,
+  METHOD_NOT_ALLOWED: 405,
+  NOT_ACCEPTABLE: 406,
+  PROXY_AUTHENTICATION_REQUIRED: 407,
+  REQUEST_TIMEOUT: 408,
+  CONFLICT: 409,
+  GONE: 410,
+  LENGTH_REQUIRED: 411,
+  PRECONDITION_FAILED: 412,
+  PAYLOAD_TOO_LARGE: 413,
+  URI_TOO_LONG: 414,
+  UNSUPPORTED_MEDIA_TYPE: 415,
+  RANGE_NOT_SATISFIABLE: 416,
+  EXPECTATION_FAILED: 417,
+  "I'M_A_TEAPOT": 418,
+  MISDIRECTED_REQUEST: 421,
+  UNPROCESSABLE_ENTITY: 422,
+  LOCKED: 423,
+  FAILED_DEPENDENCY: 424,
+  TOO_EARLY: 425,
+  UPGRADE_REQUIRED: 426,
+  PRECONDITION_REQUIRED: 428,
+  TOO_MANY_REQUESTS: 429,
+  REQUEST_HEADER_FIELDS_TOO_LARGE: 431,
+  UNAVAILABLE_FOR_LEGAL_REASONS: 451,
+  INTERNAL_SERVER_ERROR: 500,
+  NOT_IMPLEMENTED: 501,
+  BAD_GATEWAY: 502,
+  SERVICE_UNAVAILABLE: 503,
+  GATEWAY_TIMEOUT: 504,
+  HTTP_VERSION_NOT_SUPPORTED: 505,
+  VARIANT_ALSO_NEGOTIATES: 506,
+  INSUFFICIENT_STORAGE: 507,
+  LOOP_DETECTED: 508,
+  NOT_EXTENDED: 510,
+  NETWORK_AUTHENTICATION_REQUIRED: 511
+};
+var InternalAPIError = class extends Error {
+  constructor(status = "INTERNAL_SERVER_ERROR", body = undefined, headers = {}, statusCode = typeof status === "number" ? status : statusCodes[status]) {
+    super(body?.message, body?.cause ? { cause: body.cause } : undefined);
+    this.status = status;
+    this.body = body;
+    this.headers = headers;
+    this.statusCode = statusCode;
+    this.name = "APIError";
+    this.status = status;
+    this.headers = headers;
+    this.statusCode = statusCode;
+    this.body = body;
+  }
+};
+var kAPIErrorHeaderSymbol = Symbol.for("better-call:api-error-headers");
+var APIError = makeErrorForHideStackFrame(InternalAPIError, Error);
+
+// ../../node_modules/@better-auth/core/dist/error/index.mjs
+var BetterAuthError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "BetterAuthError";
+    this.message = message;
+    this.stack = "";
+  }
+};
+
+// ../../node_modules/better-auth/dist/plugins/access/access.mjs
+function role(statements) {
+  return {
+    authorize(request3, connector = "AND") {
+      let success = false;
+      for (const [requestedResource, requestedActions] of Object.entries(request3)) {
+        const allowedActions = statements[requestedResource];
+        if (!allowedActions)
+          return {
+            success: false,
+            error: `You are not allowed to access resource: ${requestedResource}`
+          };
+        if (Array.isArray(requestedActions))
+          success = requestedActions.every((requestedAction) => allowedActions.includes(requestedAction));
+        else if (typeof requestedActions === "object") {
+          const actions = requestedActions;
+          if (actions.connector === "OR")
+            success = actions.actions.some((requestedAction) => allowedActions.includes(requestedAction));
+          else
+            success = actions.actions.every((requestedAction) => allowedActions.includes(requestedAction));
+        } else
+          throw new BetterAuthError("Invalid access control request");
+        if (success && connector === "OR")
+          return { success };
+        if (!success && connector === "AND")
+          return {
+            success: false,
+            error: `unauthorized to access resource "${requestedResource}"`
+          };
+      }
+      if (success)
+        return { success };
+      return {
+        success: false,
+        error: "Not authorized"
+      };
+    },
+    statements
+  };
 }
-function base64UrlEncode(bytes6) {
-  let binary = "";
-  for (const byte of bytes6) {
-    binary += String.fromCharCode(byte);
+function createAccessControl(s6) {
+  return {
+    newRole(statements) {
+      return role(statements);
+    },
+    statements: s6
+  };
+}
+
+// ../../node_modules/better-auth/dist/plugins/admin/access/statement.mjs
+var defaultStatements = {
+  user: [
+    "create",
+    "list",
+    "set-role",
+    "ban",
+    "impersonate",
+    "impersonate-admins",
+    "delete",
+    "set-password",
+    "get",
+    "update"
+  ],
+  session: [
+    "list",
+    "revoke",
+    "delete"
+  ]
+};
+var defaultAc = createAccessControl(defaultStatements);
+var adminAc = defaultAc.newRole({
+  user: [
+    "create",
+    "list",
+    "set-role",
+    "ban",
+    "impersonate",
+    "delete",
+    "set-password",
+    "get",
+    "update"
+  ],
+  session: [
+    "list",
+    "revoke",
+    "delete"
+  ]
+});
+var userAc = defaultAc.newRole({
+  user: [],
+  session: []
+});
+
+// ../../node_modules/better-auth/dist/plugins/anonymous/error-codes.mjs
+var ANONYMOUS_ERROR_CODES = defineErrorCodes({
+  INVALID_EMAIL_FORMAT: "Email was not generated in a valid format",
+  FAILED_TO_CREATE_USER: "Failed to create user",
+  COULD_NOT_CREATE_SESSION: "Could not create session",
+  ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY: "Anonymous users cannot sign in again anonymously",
+  FAILED_TO_DELETE_ANONYMOUS_USER: "Failed to delete anonymous user",
+  USER_IS_NOT_ANONYMOUS: "User is not anonymous",
+  DELETE_ANONYMOUS_USER_DISABLED: "Deleting anonymous users is disabled"
+});
+
+// ../../node_modules/better-auth/dist/plugins/email-otp/error-codes.mjs
+var EMAIL_OTP_ERROR_CODES = defineErrorCodes({
+  OTP_EXPIRED: "OTP expired",
+  INVALID_OTP: "Invalid OTP",
+  TOO_MANY_ATTEMPTS: "Too many attempts"
+});
+
+// ../../node_modules/better-auth/dist/plugins/generic-oauth/error-codes.mjs
+var GENERIC_OAUTH_ERROR_CODES = defineErrorCodes({
+  INVALID_OAUTH_CONFIGURATION: "Invalid OAuth configuration",
+  TOKEN_URL_NOT_FOUND: "Invalid OAuth configuration. Token URL not found.",
+  PROVIDER_CONFIG_NOT_FOUND: "No config found for provider",
+  PROVIDER_ID_REQUIRED: "Provider ID is required",
+  INVALID_OAUTH_CONFIG: "Invalid OAuth configuration.",
+  SESSION_REQUIRED: "Session is required",
+  ISSUER_MISMATCH: "OAuth issuer mismatch. The authorization server issuer does not match the expected value (RFC 9207).",
+  ISSUER_MISSING: "OAuth issuer parameter missing. The authorization server did not include the required iss parameter (RFC 9207)."
+});
+
+// ../../node_modules/better-auth/dist/plugins/multi-session/error-codes.mjs
+var MULTI_SESSION_ERROR_CODES = defineErrorCodes({ INVALID_SESSION_TOKEN: "Invalid session token" });
+
+// ../../node_modules/better-auth/dist/plugins/organization/error-codes.mjs
+var ORGANIZATION_ERROR_CODES = defineErrorCodes({
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION: "You are not allowed to create a new organization",
+  YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS: "You have reached the maximum number of organizations",
+  ORGANIZATION_ALREADY_EXISTS: "Organization already exists",
+  ORGANIZATION_SLUG_ALREADY_TAKEN: "Organization slug already taken",
+  ORGANIZATION_NOT_FOUND: "Organization not found",
+  USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION: "User is not a member of the organization",
+  YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION: "You are not allowed to update this organization",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION: "You are not allowed to delete this organization",
+  NO_ACTIVE_ORGANIZATION: "No active organization",
+  USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION: "User is already a member of this organization",
+  MEMBER_NOT_FOUND: "Member not found",
+  ROLE_NOT_FOUND: "Role not found",
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM: "You are not allowed to create a new team",
+  TEAM_ALREADY_EXISTS: "Team already exists",
+  TEAM_NOT_FOUND: "Team not found",
+  YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER: "You cannot leave the organization as the only owner",
+  YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER: "You cannot leave the organization without an owner",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER: "You are not allowed to delete this member",
+  YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION: "You are not allowed to invite users to this organization",
+  USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION: "User is already invited to this organization",
+  INVITATION_NOT_FOUND: "Invitation not found",
+  YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION: "You are not the recipient of the invitation",
+  EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION: "Email verification required before accepting or rejecting invitation",
+  YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION: "You are not allowed to cancel this invitation",
+  INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION: "Inviter is no longer a member of the organization",
+  YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE: "You are not allowed to invite a user with this role",
+  FAILED_TO_RETRIEVE_INVITATION: "Failed to retrieve invitation",
+  YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS: "You have reached the maximum number of teams",
+  UNABLE_TO_REMOVE_LAST_TEAM: "Unable to remove last team",
+  YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER: "You are not allowed to update this member",
+  ORGANIZATION_MEMBERSHIP_LIMIT_REACHED: "Organization membership limit reached",
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION: "You are not allowed to create teams in this organization",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION: "You are not allowed to delete teams in this organization",
+  YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM: "You are not allowed to update this team",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM: "You are not allowed to delete this team",
+  INVITATION_LIMIT_REACHED: "Invitation limit reached",
+  TEAM_MEMBER_LIMIT_REACHED: "Team member limit reached",
+  USER_IS_NOT_A_MEMBER_OF_THE_TEAM: "User is not a member of the team",
+  YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM: "You are not allowed to list the members of this team",
+  YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM: "You do not have an active team",
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER: "You are not allowed to create a new member",
+  YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER: "You are not allowed to remove a team member",
+  YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION: "You are not allowed to access this organization as an owner",
+  YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION: "You are not a member of this organization",
+  MISSING_AC_INSTANCE: "Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",
+  YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE: "You must be in an organization to create a role",
+  YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE: "You are not allowed to create a role",
+  YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE: "You are not allowed to update a role",
+  YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE: "You are not allowed to delete a role",
+  YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE: "You are not allowed to read a role",
+  YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE: "You are not allowed to list a role",
+  YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE: "You are not allowed to get a role",
+  TOO_MANY_ROLES: "This organization has too many roles",
+  INVALID_RESOURCE: "The provided permission includes an invalid resource",
+  ROLE_NAME_IS_ALREADY_TAKEN: "That role name is already taken",
+  CANNOT_DELETE_A_PRE_DEFINED_ROLE: "Cannot delete a pre-defined role",
+  ROLE_IS_ASSIGNED_TO_MEMBERS: "Cannot delete a role that is assigned to members. Please reassign the members to a different role first"
+});
+
+// ../../node_modules/nanostores/clean-stores/index.js
+var clean6 = Symbol("clean");
+
+// ../../node_modules/nanostores/atom/index.js
+var listenerQueue = [];
+var lqIndex = 0;
+var QUEUE_ITEMS_PER_LISTENER = 4;
+var epoch = 0;
+var atom = (initialValue) => {
+  let listeners = [];
+  let $atom = {
+    get() {
+      if (!$atom.lc) {
+        $atom.listen(() => {})();
+      }
+      return $atom.value;
+    },
+    init: initialValue,
+    lc: 0,
+    listen(listener) {
+      $atom.lc = listeners.push(listener);
+      return () => {
+        for (let i2 = lqIndex + QUEUE_ITEMS_PER_LISTENER;i2 < listenerQueue.length; ) {
+          if (listenerQueue[i2] === listener) {
+            listenerQueue.splice(i2, QUEUE_ITEMS_PER_LISTENER);
+          } else {
+            i2 += QUEUE_ITEMS_PER_LISTENER;
+          }
+        }
+        let index = listeners.indexOf(listener);
+        if (~index) {
+          listeners.splice(index, 1);
+          if (!--$atom.lc)
+            $atom.off();
+        }
+      };
+    },
+    notify(oldValue, changedKey) {
+      epoch++;
+      let runListenerQueue = !listenerQueue.length;
+      for (let listener of listeners) {
+        listenerQueue.push(listener, $atom.value, oldValue, changedKey);
+      }
+      if (runListenerQueue) {
+        for (lqIndex = 0;lqIndex < listenerQueue.length; lqIndex += QUEUE_ITEMS_PER_LISTENER) {
+          listenerQueue[lqIndex](listenerQueue[lqIndex + 1], listenerQueue[lqIndex + 2], listenerQueue[lqIndex + 3]);
+        }
+        listenerQueue.length = 0;
+      }
+    },
+    off() {},
+    set(newValue) {
+      let oldValue = $atom.value;
+      if (oldValue !== newValue) {
+        $atom.value = newValue;
+        $atom.notify(oldValue);
+      }
+    },
+    subscribe(listener) {
+      let unbind = $atom.listen(listener);
+      listener($atom.value);
+      return unbind;
+    },
+    value: initialValue
+  };
+  if (true) {
+    $atom[clean6] = () => {
+      listeners = [];
+      $atom.lc = 0;
+      $atom.off();
+    };
+  }
+  return $atom;
+};
+// ../../node_modules/nanostores/lifecycle/index.js
+var MOUNT = 5;
+var UNMOUNT = 6;
+var REVERT_MUTATION = 10;
+var on = (object, listener, eventKey, mutateStore) => {
+  object.events = object.events || {};
+  if (!object.events[eventKey + REVERT_MUTATION]) {
+    object.events[eventKey + REVERT_MUTATION] = mutateStore((eventProps) => {
+      object.events[eventKey].reduceRight((event, l) => (l(event), event), {
+        shared: {},
+        ...eventProps
+      });
+    });
+  }
+  object.events[eventKey] = object.events[eventKey] || [];
+  object.events[eventKey].push(listener);
+  return () => {
+    let currentListeners = object.events[eventKey];
+    let index = currentListeners.indexOf(listener);
+    currentListeners.splice(index, 1);
+    if (!currentListeners.length) {
+      delete object.events[eventKey];
+      object.events[eventKey + REVERT_MUTATION]();
+      delete object.events[eventKey + REVERT_MUTATION];
+    }
+  };
+};
+var STORE_UNMOUNT_DELAY = 1000;
+var onMount = ($store, initialize) => {
+  let listener = (payload) => {
+    let destroy = initialize(payload);
+    if (destroy)
+      $store.events[UNMOUNT].push(destroy);
+  };
+  return on($store, listener, MOUNT, (runListeners) => {
+    let originListen = $store.listen;
+    $store.listen = (...args) => {
+      if (!$store.lc && !$store.active) {
+        $store.active = true;
+        runListeners();
+      }
+      return originListen(...args);
+    };
+    let originOff = $store.off;
+    $store.events[UNMOUNT] = [];
+    $store.off = () => {
+      originOff();
+      setTimeout(() => {
+        if ($store.active && !$store.lc) {
+          $store.active = false;
+          for (let destroy of $store.events[UNMOUNT])
+            destroy();
+          $store.events[UNMOUNT] = [];
+        }
+      }, STORE_UNMOUNT_DELAY);
+    };
+    if (true) {
+      let originClean = $store[clean6];
+      $store[clean6] = () => {
+        for (let destroy of $store.events[UNMOUNT])
+          destroy();
+        $store.events[UNMOUNT] = [];
+        $store.active = false;
+        originClean();
+      };
+    }
+    return () => {
+      $store.listen = originListen;
+      $store.off = originOff;
+    };
+  });
+};
+// ../../node_modules/better-auth/dist/client/query.mjs
+var isServer = () => typeof window === "undefined";
+var useAuthQuery = (initializedAtom, path, $fetch, options) => {
+  const value = atom({
+    data: null,
+    error: null,
+    isPending: true,
+    isRefetching: false,
+    refetch: (queryParams) => fn(queryParams)
+  });
+  const fn = async (queryParams) => {
+    return new Promise((resolve) => {
+      const opts = typeof options === "function" ? options({
+        data: value.get().data,
+        error: value.get().error,
+        isPending: value.get().isPending
+      }) : options;
+      $fetch(path, {
+        ...opts,
+        query: {
+          ...opts?.query,
+          ...queryParams?.query
+        },
+        async onSuccess(context) {
+          value.set({
+            data: context.data,
+            error: null,
+            isPending: false,
+            isRefetching: false,
+            refetch: value.value.refetch
+          });
+          await opts?.onSuccess?.(context);
+        },
+        async onError(context) {
+          const { request: request3 } = context;
+          const retryAttempts = typeof request3.retry === "number" ? request3.retry : request3.retry?.attempts;
+          const retryAttempt = request3.retryAttempt || 0;
+          if (retryAttempts && retryAttempt < retryAttempts)
+            return;
+          const isUnauthorized = context.error.status === 401;
+          value.set({
+            error: context.error,
+            data: isUnauthorized ? null : value.get().data,
+            isPending: false,
+            isRefetching: false,
+            refetch: value.value.refetch
+          });
+          await opts?.onError?.(context);
+        },
+        async onRequest(context) {
+          const currentValue = value.get();
+          value.set({
+            isPending: currentValue.data === null,
+            data: currentValue.data,
+            error: null,
+            isRefetching: true,
+            refetch: value.value.refetch
+          });
+          await opts?.onRequest?.(context);
+        }
+      }).catch((error) => {
+        value.set({
+          error,
+          data: value.get().data,
+          isPending: false,
+          isRefetching: false,
+          refetch: value.value.refetch
+        });
+      }).finally(() => {
+        resolve(undefined);
+      });
+    });
+  };
+  initializedAtom = Array.isArray(initializedAtom) ? initializedAtom : [initializedAtom];
+  let isMounted = false;
+  for (const initAtom of initializedAtom)
+    initAtom.subscribe(async () => {
+      if (isServer())
+        return;
+      if (isMounted)
+        await fn();
+      else
+        onMount(value, () => {
+          const timeoutId = setTimeout(async () => {
+            if (!isMounted) {
+              await fn();
+              isMounted = true;
+            }
+          }, 0);
+          return () => {
+            value.off();
+            initAtom.off();
+            clearTimeout(timeoutId);
+          };
+        });
+    });
+  return value;
+};
+
+// ../../node_modules/better-auth/dist/client/broadcast-channel.mjs
+var kBroadcastChannel = Symbol.for("better-auth:broadcast-channel");
+var now = () => Math.floor(Date.now() / 1000);
+var WindowBroadcastChannel = class {
+  listeners = /* @__PURE__ */ new Set;
+  name;
+  constructor(name = "better-auth.message") {
+    this.name = name;
+  }
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  post(message) {
+    if (typeof window === "undefined")
+      return;
+    try {
+      localStorage.setItem(this.name, JSON.stringify({
+        ...message,
+        timestamp: now()
+      }));
+    } catch {}
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof window.addEventListener === "undefined")
+      return () => {};
+    const handler = (event) => {
+      if (event.key !== this.name)
+        return;
+      const message = JSON.parse(event.newValue ?? "{}");
+      if (message?.event !== "session" || !message?.data)
+        return;
+      this.listeners.forEach((listener) => listener(message));
+    };
+    window.addEventListener("storage", handler);
+    return () => {
+      window.removeEventListener("storage", handler);
+    };
+  }
+};
+function getGlobalBroadcastChannel(name = "better-auth.message") {
+  if (!globalThis[kBroadcastChannel])
+    globalThis[kBroadcastChannel] = new WindowBroadcastChannel(name);
+  return globalThis[kBroadcastChannel];
+}
+
+// ../../node_modules/better-auth/dist/client/focus-manager.mjs
+var kFocusManager = Symbol.for("better-auth:focus-manager");
+var WindowFocusManager = class {
+  listeners = /* @__PURE__ */ new Set;
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  setFocused(focused) {
+    this.listeners.forEach((listener) => listener(focused));
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof document === "undefined" || typeof window.addEventListener === "undefined")
+      return () => {};
+    const visibilityHandler = () => {
+      if (document.visibilityState === "visible")
+        this.setFocused(true);
+    };
+    document.addEventListener("visibilitychange", visibilityHandler, false);
+    return () => {
+      document.removeEventListener("visibilitychange", visibilityHandler, false);
+    };
+  }
+};
+function getGlobalFocusManager() {
+  if (!globalThis[kFocusManager])
+    globalThis[kFocusManager] = new WindowFocusManager;
+  return globalThis[kFocusManager];
+}
+
+// ../../node_modules/better-auth/dist/client/online-manager.mjs
+var kOnlineManager = Symbol.for("better-auth:online-manager");
+var WindowOnlineManager = class {
+  listeners = /* @__PURE__ */ new Set;
+  isOnline = typeof navigator !== "undefined" ? navigator.onLine : true;
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  setOnline(online) {
+    this.isOnline = online;
+    this.listeners.forEach((listener) => listener(online));
+  }
+  setup() {
+    if (typeof window === "undefined" || typeof window.addEventListener === "undefined")
+      return () => {};
+    const onOnline = () => this.setOnline(true);
+    const onOffline = () => this.setOnline(false);
+    window.addEventListener("online", onOnline, false);
+    window.addEventListener("offline", onOffline, false);
+    return () => {
+      window.removeEventListener("online", onOnline, false);
+      window.removeEventListener("offline", onOffline, false);
+    };
+  }
+};
+function getGlobalOnlineManager() {
+  if (!globalThis[kOnlineManager])
+    globalThis[kOnlineManager] = new WindowOnlineManager;
+  return globalThis[kOnlineManager];
+}
+
+// ../../node_modules/better-auth/dist/client/parser.mjs
+var PROTO_POLLUTION_PATTERNS = {
+  proto: /"(?:_|\\u0{2}5[Ff]){2}(?:p|\\u0{2}70)(?:r|\\u0{2}72)(?:o|\\u0{2}6[Ff])(?:t|\\u0{2}74)(?:o|\\u0{2}6[Ff])(?:_|\\u0{2}5[Ff]){2}"\s*:/,
+  constructor: /"(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\u0075)(?:c|\\u0063)(?:t|\\u0074)(?:o|\\u006[Ff])(?:r|\\u0072)"\s*:/,
+  protoShort: /"__proto__"\s*:/,
+  constructorShort: /"constructor"\s*:/
+};
+var JSON_SIGNATURE = /^\s*["[{]|^\s*-?\d{1,16}(\.\d{1,17})?([Ee][+-]?\d+)?\s*$/;
+var SPECIAL_VALUES = {
+  true: true,
+  false: false,
+  null: null,
+  undefined: undefined,
+  nan: NaN,
+  infinity: Number.POSITIVE_INFINITY,
+  "-infinity": Number.NEGATIVE_INFINITY
+};
+var ISO_DATE_REGEX = /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,7}))?(?:Z|([+-])(\d{2}):(\d{2}))$/;
+function isValidDate(date) {
+  return date instanceof Date && !isNaN(date.getTime());
+}
+function parseISODate(value) {
+  const match = ISO_DATE_REGEX.exec(value);
+  if (!match)
+    return null;
+  const [, year, month, day, hour, minute, second, ms, offsetSign, offsetHour, offsetMinute] = match;
+  const date = new Date(Date.UTC(parseInt(year, 10), parseInt(month, 10) - 1, parseInt(day, 10), parseInt(hour, 10), parseInt(minute, 10), parseInt(second, 10), ms ? parseInt(ms.padEnd(3, "0"), 10) : 0));
+  if (offsetSign) {
+    const offset = (parseInt(offsetHour, 10) * 60 + parseInt(offsetMinute, 10)) * (offsetSign === "+" ? -1 : 1);
+    date.setUTCMinutes(date.getUTCMinutes() + offset);
+  }
+  return isValidDate(date) ? date : null;
+}
+function betterJSONParse(value, options = {}) {
+  const { strict = false, warnings = false, reviver, parseDates = true } = options;
+  if (typeof value !== "string")
+    return value;
+  const trimmed = value.trim();
+  if (trimmed.length > 0 && trimmed[0] === '"' && trimmed.endsWith('"') && !trimmed.slice(1, -1).includes('"'))
+    return trimmed.slice(1, -1);
+  const lowerValue = trimmed.toLowerCase();
+  if (lowerValue.length <= 9 && lowerValue in SPECIAL_VALUES)
+    return SPECIAL_VALUES[lowerValue];
+  if (!JSON_SIGNATURE.test(trimmed)) {
+    if (strict)
+      throw new SyntaxError("[better-json] Invalid JSON");
+    return value;
+  }
+  if (Object.entries(PROTO_POLLUTION_PATTERNS).some(([key, pattern]) => {
+    const matches = pattern.test(trimmed);
+    if (matches && warnings)
+      console.warn(`[better-json] Detected potential prototype pollution attempt using ${key} pattern`);
+    return matches;
+  }) && strict)
+    throw new Error("[better-json] Potential prototype pollution attempt detected");
+  try {
+    const secureReviver = (key, value2) => {
+      if (key === "__proto__" || key === "constructor" && value2 && typeof value2 === "object" && "prototype" in value2) {
+        if (warnings)
+          console.warn(`[better-json] Dropping "${key}" key to prevent prototype pollution`);
+        return;
+      }
+      if (parseDates && typeof value2 === "string") {
+        const date = parseISODate(value2);
+        if (date)
+          return date;
+      }
+      return reviver ? reviver(key, value2) : value2;
+    };
+    return JSON.parse(trimmed, secureReviver);
+  } catch (error) {
+    if (strict)
+      throw error;
+    return value;
+  }
+}
+function parseJSON(value, options = { strict: true }) {
+  return betterJSONParse(value, options);
+}
+
+// ../../node_modules/better-auth/dist/client/session-refresh.mjs
+var now2 = () => Math.floor(Date.now() / 1000);
+var FOCUS_REFETCH_RATE_LIMIT_SECONDS = 5;
+function createSessionRefreshManager(opts) {
+  const { sessionAtom, sessionSignal, $fetch, options = {} } = opts;
+  const refetchInterval = options.sessionOptions?.refetchInterval ?? 0;
+  const refetchOnWindowFocus = options.sessionOptions?.refetchOnWindowFocus ?? true;
+  const refetchWhenOffline = options.sessionOptions?.refetchWhenOffline ?? false;
+  const state = {
+    lastSync: 0,
+    lastSessionRequest: 0,
+    cachedSession: undefined
+  };
+  const shouldRefetch = () => {
+    return refetchWhenOffline || getGlobalOnlineManager().isOnline;
+  };
+  const triggerRefetch = (event) => {
+    if (!shouldRefetch())
+      return;
+    if (event?.event === "storage") {
+      state.lastSync = now2();
+      sessionSignal.set(!sessionSignal.get());
+      return;
+    }
+    const currentSession = sessionAtom.get();
+    const fetchSessionWithRefresh = () => {
+      state.lastSessionRequest = now2();
+      $fetch("/get-session").then(async (res) => {
+        let data = res.data;
+        let error = res.error || null;
+        if (data?.needsRefresh)
+          try {
+            const refreshRes = await $fetch("/get-session", { method: "POST" });
+            data = refreshRes.data;
+            error = refreshRes.error || null;
+          } catch {}
+        const sessionData = data?.session && data?.user ? data : null;
+        sessionAtom.set({
+          ...currentSession,
+          data: sessionData,
+          error
+        });
+        state.lastSync = now2();
+        sessionSignal.set(!sessionSignal.get());
+      }).catch(() => {});
+    };
+    if (event?.event === "poll") {
+      fetchSessionWithRefresh();
+      return;
+    }
+    if (event?.event === "visibilitychange") {
+      if (now2() - state.lastSessionRequest < FOCUS_REFETCH_RATE_LIMIT_SECONDS)
+        return;
+      state.lastSessionRequest = now2();
+    }
+    if (event?.event === "visibilitychange") {
+      fetchSessionWithRefresh();
+      return;
+    }
+    if (currentSession?.data === null || currentSession?.data === undefined) {
+      state.lastSync = now2();
+      sessionSignal.set(!sessionSignal.get());
+    }
+  };
+  const broadcastSessionUpdate = (trigger) => {
+    getGlobalBroadcastChannel().post({
+      event: "session",
+      data: { trigger },
+      clientId: Math.random().toString(36).substring(7)
+    });
+  };
+  const setupPolling = () => {
+    if (refetchInterval && refetchInterval > 0)
+      state.pollInterval = setInterval(() => {
+        if (sessionAtom.get()?.data)
+          triggerRefetch({ event: "poll" });
+      }, refetchInterval * 1000);
+  };
+  const setupBroadcast = () => {
+    state.unsubscribeBroadcast = getGlobalBroadcastChannel().subscribe(() => {
+      triggerRefetch({ event: "storage" });
+    });
+  };
+  const setupFocusRefetch = () => {
+    if (!refetchOnWindowFocus)
+      return;
+    state.unsubscribeFocus = getGlobalFocusManager().subscribe(() => {
+      triggerRefetch({ event: "visibilitychange" });
+    });
+  };
+  const setupOnlineRefetch = () => {
+    state.unsubscribeOnline = getGlobalOnlineManager().subscribe((online) => {
+      if (online)
+        triggerRefetch({ event: "visibilitychange" });
+    });
+  };
+  const init = () => {
+    setupPolling();
+    setupBroadcast();
+    setupFocusRefetch();
+    setupOnlineRefetch();
+    getGlobalBroadcastChannel().setup();
+    getGlobalFocusManager().setup();
+    getGlobalOnlineManager().setup();
+  };
+  const cleanup = () => {
+    if (state.pollInterval) {
+      clearInterval(state.pollInterval);
+      state.pollInterval = undefined;
+    }
+    if (state.unsubscribeBroadcast) {
+      state.unsubscribeBroadcast();
+      state.unsubscribeBroadcast = undefined;
+    }
+    if (state.unsubscribeFocus) {
+      state.unsubscribeFocus();
+      state.unsubscribeFocus = undefined;
+    }
+    if (state.unsubscribeOnline) {
+      state.unsubscribeOnline();
+      state.unsubscribeOnline = undefined;
+    }
+    state.lastSync = 0;
+    state.lastSessionRequest = 0;
+    state.cachedSession = undefined;
+  };
+  return {
+    init,
+    cleanup,
+    triggerRefetch,
+    broadcastSessionUpdate
+  };
+}
+
+// ../../node_modules/@better-auth/core/dist/env/env-impl.mjs
+var _envShim = Object.create(null);
+var _getEnv = (useShim) => globalThis.process?.env || globalThis.Deno?.env.toObject() || globalThis.__env__ || (useShim ? _envShim : globalThis);
+var env = new Proxy(_envShim, {
+  get(_, prop) {
+    return _getEnv()[prop] ?? _envShim[prop];
+  },
+  has(_, prop) {
+    return prop in _getEnv() || prop in _envShim;
+  },
+  set(_, prop, value) {
+    const env2 = _getEnv(true);
+    env2[prop] = value;
+    return true;
+  },
+  deleteProperty(_, prop) {
+    if (!prop)
+      return false;
+    const env2 = _getEnv(true);
+    delete env2[prop];
+    return true;
+  },
+  ownKeys() {
+    const env2 = _getEnv(true);
+    return Object.keys(env2);
+  }
+});
+var nodeENV = typeof process !== "undefined" && process.env && "development" || "";
+function getEnvVar(key, fallback) {
+  if (typeof process !== "undefined" && process.env)
+    return process.env[key] ?? fallback;
+  if (typeof Deno !== "undefined")
+    return Deno.env.get(key) ?? fallback;
+  if (typeof Bun !== "undefined")
+    return Bun.env[key] ?? fallback;
+  return fallback;
+}
+var ENV = Object.freeze({
+  get BETTER_AUTH_SECRET() {
+    return getEnvVar("BETTER_AUTH_SECRET");
+  },
+  get AUTH_SECRET() {
+    return getEnvVar("AUTH_SECRET");
+  },
+  get BETTER_AUTH_TELEMETRY() {
+    return getEnvVar("BETTER_AUTH_TELEMETRY");
+  },
+  get BETTER_AUTH_TELEMETRY_ID() {
+    return getEnvVar("BETTER_AUTH_TELEMETRY_ID");
+  },
+  get NODE_ENV() {
+    return getEnvVar("NODE_ENV", "development");
+  },
+  get PACKAGE_VERSION() {
+    return getEnvVar("PACKAGE_VERSION", "0.0.0");
+  },
+  get BETTER_AUTH_TELEMETRY_ENDPOINT() {
+    return getEnvVar("BETTER_AUTH_TELEMETRY_ENDPOINT", "");
+  }
+});
+
+// ../../node_modules/@better-auth/core/dist/env/color-depth.mjs
+var COLORS_2 = 1;
+var COLORS_16 = 4;
+var COLORS_256 = 8;
+var COLORS_16m = 24;
+var TERM_ENVS = {
+  eterm: COLORS_16,
+  cons25: COLORS_16,
+  console: COLORS_16,
+  cygwin: COLORS_16,
+  dtterm: COLORS_16,
+  gnome: COLORS_16,
+  hurd: COLORS_16,
+  jfbterm: COLORS_16,
+  konsole: COLORS_16,
+  kterm: COLORS_16,
+  mlterm: COLORS_16,
+  mosh: COLORS_16m,
+  putty: COLORS_16,
+  st: COLORS_16,
+  "rxvt-unicode-24bit": COLORS_16m,
+  terminator: COLORS_16m,
+  "xterm-kitty": COLORS_16m
+};
+var CI_ENVS_MAP = new Map(Object.entries({
+  APPVEYOR: COLORS_256,
+  BUILDKITE: COLORS_256,
+  CIRCLECI: COLORS_16m,
+  DRONE: COLORS_256,
+  GITEA_ACTIONS: COLORS_16m,
+  GITHUB_ACTIONS: COLORS_16m,
+  GITLAB_CI: COLORS_256,
+  TRAVIS: COLORS_256
+}));
+var TERM_ENVS_REG_EXP = [
+  /ansi/,
+  /color/,
+  /linux/,
+  /direct/,
+  /^con[0-9]*x[0-9]/,
+  /^rxvt/,
+  /^screen/,
+  /^xterm/,
+  /^vt100/,
+  /^vt220/
+];
+function getColorDepth() {
+  if (getEnvVar("FORCE_COLOR") !== undefined)
+    switch (getEnvVar("FORCE_COLOR")) {
+      case "":
+      case "1":
+      case "true":
+        return COLORS_16;
+      case "2":
+        return COLORS_256;
+      case "3":
+        return COLORS_16m;
+      default:
+        return COLORS_2;
+    }
+  if (getEnvVar("NODE_DISABLE_COLORS") !== undefined && getEnvVar("NODE_DISABLE_COLORS") !== "" || getEnvVar("NO_COLOR") !== undefined && getEnvVar("NO_COLOR") !== "" || getEnvVar("TERM") === "dumb")
+    return COLORS_2;
+  if (getEnvVar("TMUX"))
+    return COLORS_16m;
+  if ("TF_BUILD" in env && "AGENT_NAME" in env)
+    return COLORS_16;
+  if ("CI" in env) {
+    for (const { 0: envName, 1: colors } of CI_ENVS_MAP)
+      if (envName in env)
+        return colors;
+    if (getEnvVar("CI_NAME") === "codeship")
+      return COLORS_256;
+    return COLORS_2;
+  }
+  if ("TEAMCITY_VERSION" in env)
+    return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.exec(getEnvVar("TEAMCITY_VERSION")) !== null ? COLORS_16 : COLORS_2;
+  switch (getEnvVar("TERM_PROGRAM")) {
+    case "iTerm.app":
+      if (!getEnvVar("TERM_PROGRAM_VERSION") || /^[0-2]\./.exec(getEnvVar("TERM_PROGRAM_VERSION")) !== null)
+        return COLORS_256;
+      return COLORS_16m;
+    case "HyperTerm":
+    case "MacTerm":
+      return COLORS_16m;
+    case "Apple_Terminal":
+      return COLORS_256;
+  }
+  if (getEnvVar("COLORTERM") === "truecolor" || getEnvVar("COLORTERM") === "24bit")
+    return COLORS_16m;
+  if (getEnvVar("TERM")) {
+    if (/truecolor/.exec(getEnvVar("TERM")) !== null)
+      return COLORS_16m;
+    if (/^xterm-256/.exec(getEnvVar("TERM")) !== null)
+      return COLORS_256;
+    const termEnv = getEnvVar("TERM").toLowerCase();
+    if (TERM_ENVS[termEnv])
+      return TERM_ENVS[termEnv];
+    if (TERM_ENVS_REG_EXP.some((term) => term.exec(termEnv) !== null))
+      return COLORS_16;
+  }
+  if (getEnvVar("COLORTERM"))
+    return COLORS_16;
+  return COLORS_2;
+}
+
+// ../../node_modules/@better-auth/core/dist/env/logger.mjs
+var TTY_COLORS = {
+  reset: "\x1B[0m",
+  bright: "\x1B[1m",
+  dim: "\x1B[2m",
+  undim: "\x1B[22m",
+  underscore: "\x1B[4m",
+  blink: "\x1B[5m",
+  reverse: "\x1B[7m",
+  hidden: "\x1B[8m",
+  fg: {
+    black: "\x1B[30m",
+    red: "\x1B[31m",
+    green: "\x1B[32m",
+    yellow: "\x1B[33m",
+    blue: "\x1B[34m",
+    magenta: "\x1B[35m",
+    cyan: "\x1B[36m",
+    white: "\x1B[37m"
+  },
+  bg: {
+    black: "\x1B[40m",
+    red: "\x1B[41m",
+    green: "\x1B[42m",
+    yellow: "\x1B[43m",
+    blue: "\x1B[44m",
+    magenta: "\x1B[45m",
+    cyan: "\x1B[46m",
+    white: "\x1B[47m"
+  }
+};
+var levels = [
+  "debug",
+  "info",
+  "success",
+  "warn",
+  "error"
+];
+function shouldPublishLog(currentLogLevel, logLevel) {
+  return levels.indexOf(logLevel) >= levels.indexOf(currentLogLevel);
+}
+var levelColors = {
+  info: TTY_COLORS.fg.blue,
+  success: TTY_COLORS.fg.green,
+  warn: TTY_COLORS.fg.yellow,
+  error: TTY_COLORS.fg.red,
+  debug: TTY_COLORS.fg.magenta
+};
+var formatMessage = (level, message, colorsEnabled) => {
+  const timestamp2 = (/* @__PURE__ */ new Date()).toISOString();
+  if (colorsEnabled)
+    return `${TTY_COLORS.dim}${timestamp2}${TTY_COLORS.reset} ${levelColors[level]}${level.toUpperCase()}${TTY_COLORS.reset} ${TTY_COLORS.bright}[Better Auth]:${TTY_COLORS.reset} ${message}`;
+  return `${timestamp2} ${level.toUpperCase()} [Better Auth]: ${message}`;
+};
+var createLogger = (options) => {
+  const enabled = options?.disabled !== true;
+  const logLevel = options?.level ?? "warn";
+  const colorsEnabled = options?.disableColors !== undefined ? !options.disableColors : getColorDepth() !== 1;
+  const LogFunc = (level, message, args = []) => {
+    if (!enabled || !shouldPublishLog(logLevel, level))
+      return;
+    const formattedMessage = formatMessage(level, message, colorsEnabled);
+    if (!options || typeof options.log !== "function") {
+      if (level === "error")
+        console.error(formattedMessage, ...args);
+      else if (level === "warn")
+        console.warn(formattedMessage, ...args);
+      else
+        console.log(formattedMessage, ...args);
+      return;
+    }
+    options.log(level === "success" ? "info" : level, message, ...args);
+  };
+  return {
+    ...Object.fromEntries(levels.map((level) => [level, (...[message, ...args]) => LogFunc(level, message, args)])),
+    get level() {
+      return logLevel;
+    }
+  };
+};
+var logger = createLogger();
+
+// ../../node_modules/better-auth/dist/utils/url.mjs
+function checkHasPath(url) {
+  try {
+    return (new URL(url).pathname.replace(/\/+$/, "") || "/") !== "/";
+  } catch {
+    throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`);
+  }
+}
+function assertHasProtocol(url) {
+  try {
+    const parsedUrl = new URL(url);
+    if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:")
+      throw new BetterAuthError(`Invalid base URL: ${url}. URL must include 'http://' or 'https://'`);
+  } catch (error) {
+    if (error instanceof BetterAuthError)
+      throw error;
+    throw new BetterAuthError(`Invalid base URL: ${url}. Please provide a valid base URL.`, { cause: error });
+  }
+}
+function withPath(url, path = "/api/auth") {
+  assertHasProtocol(url);
+  if (checkHasPath(url))
+    return url;
+  const trimmedUrl = url.replace(/\/+$/, "");
+  if (!path || path === "/")
+    return trimmedUrl;
+  path = path.startsWith("/") ? path : `/${path}`;
+  return `${trimmedUrl}${path}`;
+}
+function validateProxyHeader(header, type) {
+  if (!header || header.trim() === "")
+    return false;
+  if (type === "proto")
+    return header === "http" || header === "https";
+  if (type === "host") {
+    if ([
+      /\.\./,
+      /\0/,
+      /[\s]/,
+      /^[.]/,
+      /[<>'"]/,
+      /javascript:/i,
+      /file:/i,
+      /data:/i
+    ].some((pattern) => pattern.test(header)))
+      return false;
+    return /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?$/.test(header) || /^(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?$/.test(header) || /^\[[0-9a-fA-F:]+\](:[0-9]{1,5})?$/.test(header) || /^localhost(:[0-9]{1,5})?$/i.test(header);
+  }
+  return false;
+}
+function getBaseURL(url, path, request3, loadEnv, trustedProxyHeaders) {
+  if (url)
+    return withPath(url, path);
+  if (loadEnv !== false) {
+    const fromEnv = env.BETTER_AUTH_URL || env.NEXT_PUBLIC_BETTER_AUTH_URL || env.PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_BETTER_AUTH_URL || env.NUXT_PUBLIC_AUTH_URL || (env.BASE_URL !== "/" ? env.BASE_URL : undefined);
+    if (fromEnv)
+      return withPath(fromEnv, path);
+  }
+  const fromRequest = request3?.headers.get("x-forwarded-host");
+  const fromRequestProto = request3?.headers.get("x-forwarded-proto");
+  if (fromRequest && fromRequestProto && trustedProxyHeaders) {
+    if (validateProxyHeader(fromRequestProto, "proto") && validateProxyHeader(fromRequest, "host"))
+      try {
+        return withPath(`${fromRequestProto}://${fromRequest}`, path);
+      } catch (_error) {}
+  }
+  if (request3) {
+    const url2 = getOrigin(request3.url);
+    if (!url2)
+      throw new BetterAuthError("Could not get origin from request. Please provide a valid base URL.");
+    return withPath(url2, path);
+  }
+  if (typeof window !== "undefined" && window.location)
+    return withPath(window.location.origin, path);
+}
+function getOrigin(url) {
+  try {
+    const parsedUrl = new URL(url);
+    return parsedUrl.origin === "null" ? null : parsedUrl.origin;
+  } catch {
+    return null;
+  }
+}
+
+// ../../node_modules/better-auth/dist/client/fetch-plugins.mjs
+var redirectPlugin = {
+  id: "redirect",
+  name: "Redirect",
+  hooks: { onSuccess(context) {
+    if (context.data?.url && context.data?.redirect) {
+      if (typeof window !== "undefined" && window.location) {
+        if (window.location)
+          try {
+            window.location.href = context.data.url;
+          } catch {}
+      }
+    }
+  } }
+};
+
+// ../../node_modules/better-auth/dist/client/session-atom.mjs
+function getSessionAtom($fetch, options) {
+  const $signal = atom(false);
+  const session = useAuthQuery($signal, "/get-session", $fetch, { method: "GET" });
+  let broadcastSessionUpdate = () => {};
+  onMount(session, () => {
+    const refreshManager = createSessionRefreshManager({
+      sessionAtom: session,
+      sessionSignal: $signal,
+      $fetch,
+      options
+    });
+    refreshManager.init();
+    broadcastSessionUpdate = refreshManager.broadcastSessionUpdate;
+    return () => {
+      refreshManager.cleanup();
+    };
+  });
+  return {
+    session,
+    $sessionSignal: $signal,
+    broadcastSessionUpdate: (trigger) => broadcastSessionUpdate(trigger)
+  };
+}
+
+// ../../node_modules/defu/dist/defu.mjs
+function isPlainObject(value) {
+  if (value === null || typeof value !== "object") {
+    return false;
+  }
+  const prototype = Object.getPrototypeOf(value);
+  if (prototype !== null && prototype !== Object.prototype && Object.getPrototypeOf(prototype) !== null) {
+    return false;
+  }
+  if (Symbol.iterator in value) {
+    return false;
+  }
+  if (Symbol.toStringTag in value) {
+    return Object.prototype.toString.call(value) === "[object Module]";
+  }
+  return true;
+}
+function _defu(baseObject, defaults, namespace = ".", merger) {
+  if (!isPlainObject(defaults)) {
+    return _defu(baseObject, {}, namespace, merger);
+  }
+  const object = Object.assign({}, defaults);
+  for (const key in baseObject) {
+    if (key === "__proto__" || key === "constructor") {
+      continue;
+    }
+    const value = baseObject[key];
+    if (value === null || value === undefined) {
+      continue;
+    }
+    if (merger && merger(object, key, value, namespace)) {
+      continue;
+    }
+    if (Array.isArray(value) && Array.isArray(object[key])) {
+      object[key] = [...value, ...object[key]];
+    } else if (isPlainObject(value) && isPlainObject(object[key])) {
+      object[key] = _defu(value, object[key], (namespace ? `${namespace}.` : "") + key.toString(), merger);
+    } else {
+      object[key] = value;
+    }
+  }
+  return object;
+}
+function createDefu(merger) {
+  return (...arguments_) => arguments_.reduce((p, c) => _defu(p, c, "", merger), {});
+}
+var defu = createDefu();
+var defuFn = createDefu((object, key, currentValue) => {
+  if (object[key] !== undefined && typeof currentValue === "function") {
+    object[key] = currentValue(object[key]);
+    return true;
+  }
+});
+var defuArrayFn = createDefu((object, key, currentValue) => {
+  if (Array.isArray(object[key]) && typeof currentValue === "function") {
+    object[key] = currentValue(object[key]);
+    return true;
+  }
+});
+
+// ../../node_modules/@better-fetch/fetch/dist/index.js
+var __defProp5 = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp5 = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => (key in obj) ? __defProp5(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp5.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
+var BetterFetchError = class extends Error {
+  constructor(status, statusText, error) {
+    super(statusText || status.toString(), {
+      cause: error
+    });
+    this.status = status;
+    this.statusText = statusText;
+    this.error = error;
+    Error.captureStackTrace(this, this.constructor);
+  }
+};
+var initializePlugins = async (url, options) => {
+  var _a, _b, _c, _d, _e, _f;
+  let opts = options || {};
+  const hooks = {
+    onRequest: [options == null ? undefined : options.onRequest],
+    onResponse: [options == null ? undefined : options.onResponse],
+    onSuccess: [options == null ? undefined : options.onSuccess],
+    onError: [options == null ? undefined : options.onError],
+    onRetry: [options == null ? undefined : options.onRetry]
+  };
+  if (!options || !(options == null ? undefined : options.plugins)) {
+    return {
+      url,
+      options: opts,
+      hooks
+    };
+  }
+  for (const plugin of (options == null ? undefined : options.plugins) || []) {
+    if (plugin.init) {
+      const pluginRes = await ((_a = plugin.init) == null ? undefined : _a.call(plugin, url.toString(), options));
+      opts = pluginRes.options || opts;
+      url = pluginRes.url;
+    }
+    hooks.onRequest.push((_b = plugin.hooks) == null ? undefined : _b.onRequest);
+    hooks.onResponse.push((_c = plugin.hooks) == null ? undefined : _c.onResponse);
+    hooks.onSuccess.push((_d = plugin.hooks) == null ? undefined : _d.onSuccess);
+    hooks.onError.push((_e = plugin.hooks) == null ? undefined : _e.onError);
+    hooks.onRetry.push((_f = plugin.hooks) == null ? undefined : _f.onRetry);
+  }
+  return {
+    url,
+    options: opts,
+    hooks
+  };
+};
+var LinearRetryStrategy = class {
+  constructor(options) {
+    this.options = options;
+  }
+  shouldAttemptRetry(attempt, response) {
+    if (this.options.shouldRetry) {
+      return Promise.resolve(attempt < this.options.attempts && this.options.shouldRetry(response));
+    }
+    return Promise.resolve(attempt < this.options.attempts);
+  }
+  getDelay() {
+    return this.options.delay;
+  }
+};
+var ExponentialRetryStrategy = class {
+  constructor(options) {
+    this.options = options;
+  }
+  shouldAttemptRetry(attempt, response) {
+    if (this.options.shouldRetry) {
+      return Promise.resolve(attempt < this.options.attempts && this.options.shouldRetry(response));
+    }
+    return Promise.resolve(attempt < this.options.attempts);
+  }
+  getDelay(attempt) {
+    const delay = Math.min(this.options.maxDelay, this.options.baseDelay * 2 ** attempt);
+    return delay;
+  }
+};
+function createRetryStrategy(options) {
+  if (typeof options === "number") {
+    return new LinearRetryStrategy({
+      type: "linear",
+      attempts: options,
+      delay: 1000
+    });
+  }
+  switch (options.type) {
+    case "linear":
+      return new LinearRetryStrategy(options);
+    case "exponential":
+      return new ExponentialRetryStrategy(options);
+    default:
+      throw new Error("Invalid retry strategy");
+  }
+}
+var getAuthHeader = async (options) => {
+  const headers = {};
+  const getValue = async (value) => typeof value === "function" ? await value() : value;
+  if (options == null ? undefined : options.auth) {
+    if (options.auth.type === "Bearer") {
+      const token = await getValue(options.auth.token);
+      if (!token) {
+        return headers;
+      }
+      headers["authorization"] = `Bearer ${token}`;
+    } else if (options.auth.type === "Basic") {
+      const [username, password] = await Promise.all([
+        getValue(options.auth.username),
+        getValue(options.auth.password)
+      ]);
+      if (!username || !password) {
+        return headers;
+      }
+      headers["authorization"] = `Basic ${btoa(`${username}:${password}`)}`;
+    } else if (options.auth.type === "Custom") {
+      const [prefix2, value] = await Promise.all([
+        getValue(options.auth.prefix),
+        getValue(options.auth.value)
+      ]);
+      if (!value) {
+        return headers;
+      }
+      headers["authorization"] = `${prefix2 != null ? prefix2 : ""} ${value}`;
+    }
+  }
+  return headers;
+};
+var JSON_RE = /^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;
+function detectResponseType(request3) {
+  const _contentType = request3.headers.get("content-type");
+  const textTypes = /* @__PURE__ */ new Set([
+    "image/svg",
+    "application/xml",
+    "application/xhtml",
+    "application/html"
+  ]);
+  if (!_contentType) {
+    return "json";
+  }
+  const contentType = _contentType.split(";").shift() || "";
+  if (JSON_RE.test(contentType)) {
+    return "json";
+  }
+  if (textTypes.has(contentType) || contentType.startsWith("text/")) {
+    return "text";
+  }
+  return "blob";
+}
+function isJSONParsable(value) {
+  try {
+    JSON.parse(value);
+    return true;
+  } catch (error) {
+    return false;
+  }
+}
+function isJSONSerializable(value) {
+  if (value === undefined) {
+    return false;
+  }
+  const t = typeof value;
+  if (t === "string" || t === "number" || t === "boolean" || t === null) {
+    return true;
+  }
+  if (t !== "object") {
+    return false;
+  }
+  if (Array.isArray(value)) {
+    return true;
+  }
+  if (value.buffer) {
+    return false;
+  }
+  return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
+}
+function jsonParse(text) {
+  try {
+    return JSON.parse(text);
+  } catch (error) {
+    return text;
+  }
+}
+function isFunction2(value) {
+  return typeof value === "function";
+}
+function getFetch(options) {
+  if (options == null ? undefined : options.customFetchImpl) {
+    return options.customFetchImpl;
+  }
+  if (typeof globalThis !== "undefined" && isFunction2(globalThis.fetch)) {
+    return globalThis.fetch;
+  }
+  if (typeof window !== "undefined" && isFunction2(window.fetch)) {
+    return window.fetch;
+  }
+  throw new Error("No fetch implementation found");
+}
+async function getHeaders(opts) {
+  const headers = new Headers(opts == null ? undefined : opts.headers);
+  const authHeader = await getAuthHeader(opts);
+  for (const [key, value] of Object.entries(authHeader || {})) {
+    headers.set(key, value);
+  }
+  if (!headers.has("content-type")) {
+    const t = detectContentType(opts == null ? undefined : opts.body);
+    if (t) {
+      headers.set("content-type", t);
+    }
+  }
+  return headers;
+}
+function detectContentType(body) {
+  if (isJSONSerializable(body)) {
+    return "application/json";
+  }
+  return null;
+}
+function getBody(options) {
+  if (!(options == null ? undefined : options.body)) {
+    return null;
+  }
+  const headers = new Headers(options == null ? undefined : options.headers);
+  if (isJSONSerializable(options.body) && !headers.has("content-type")) {
+    for (const [key, value] of Object.entries(options == null ? undefined : options.body)) {
+      if (value instanceof Date) {
+        options.body[key] = value.toISOString();
+      }
+    }
+    return JSON.stringify(options.body);
+  }
+  if (headers.has("content-type") && headers.get("content-type") === "application/x-www-form-urlencoded") {
+    if (isJSONSerializable(options.body)) {
+      return new URLSearchParams(options.body).toString();
+    }
+    return options.body;
+  }
+  return options.body;
+}
+function getMethod(url, options) {
+  var _a;
+  if (options == null ? undefined : options.method) {
+    return options.method.toUpperCase();
+  }
+  if (url.startsWith("@")) {
+    const pMethod = (_a = url.split("@")[1]) == null ? undefined : _a.split("/")[0];
+    if (!methods.includes(pMethod)) {
+      return (options == null ? undefined : options.body) ? "POST" : "GET";
+    }
+    return pMethod.toUpperCase();
   }
-  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return (options == null ? undefined : options.body) ? "POST" : "GET";
 }
-function generateVerifier() {
-  return base64UrlEncode(randomBytes(32));
+function getTimeout(options, controller) {
+  let abortTimeout;
+  if (!(options == null ? undefined : options.signal) && (options == null ? undefined : options.timeout)) {
+    abortTimeout = setTimeout(() => controller == null ? undefined : controller.abort(), options == null ? undefined : options.timeout);
+  }
+  return {
+    abortTimeout,
+    clearTimeout: () => {
+      if (abortTimeout) {
+        clearTimeout(abortTimeout);
+      }
+    }
+  };
 }
-function generateState() {
-  return base64UrlEncode(randomBytes(16));
+var ValidationError = class _ValidationError extends Error {
+  constructor(issues, message) {
+    super(message || JSON.stringify(issues, null, 2));
+    this.issues = issues;
+    Object.setPrototypeOf(this, _ValidationError.prototype);
+  }
+};
+async function parseStandardSchema(schema, input) {
+  const result = await schema["~standard"].validate(input);
+  if (result.issues) {
+    throw new ValidationError(result.issues);
+  }
+  return result.value;
+}
+var methods = ["get", "post", "put", "patch", "delete"];
+var applySchemaPlugin = (config) => ({
+  id: "apply-schema",
+  name: "Apply Schema",
+  version: "1.0.0",
+  async init(url, options) {
+    var _a, _b, _c, _d;
+    const schema = ((_b = (_a = config.plugins) == null ? undefined : _a.find((plugin) => {
+      var _a2;
+      return ((_a2 = plugin.schema) == null ? undefined : _a2.config) ? url.startsWith(plugin.schema.config.baseURL || "") || url.startsWith(plugin.schema.config.prefix || "") : false;
+    })) == null ? undefined : _b.schema) || config.schema;
+    if (schema) {
+      let urlKey = url;
+      if ((_c = schema.config) == null ? undefined : _c.prefix) {
+        if (urlKey.startsWith(schema.config.prefix)) {
+          urlKey = urlKey.replace(schema.config.prefix, "");
+          if (schema.config.baseURL) {
+            url = url.replace(schema.config.prefix, schema.config.baseURL);
+          }
+        }
+      }
+      if ((_d = schema.config) == null ? undefined : _d.baseURL) {
+        if (urlKey.startsWith(schema.config.baseURL)) {
+          urlKey = urlKey.replace(schema.config.baseURL, "");
+        }
+      }
+      const keySchema = schema.schema[urlKey];
+      if (keySchema) {
+        let opts = __spreadProps(__spreadValues({}, options), {
+          method: keySchema.method,
+          output: keySchema.output
+        });
+        if (!(options == null ? undefined : options.disableValidation)) {
+          opts = __spreadProps(__spreadValues({}, opts), {
+            body: keySchema.input ? await parseStandardSchema(keySchema.input, options == null ? undefined : options.body) : options == null ? undefined : options.body,
+            params: keySchema.params ? await parseStandardSchema(keySchema.params, options == null ? undefined : options.params) : options == null ? undefined : options.params,
+            query: keySchema.query ? await parseStandardSchema(keySchema.query, options == null ? undefined : options.query) : options == null ? undefined : options.query
+          });
+        }
+        return {
+          url,
+          options: opts
+        };
+      }
+    }
+    return {
+      url,
+      options
+    };
+  }
+});
+var createFetch = (config) => {
+  async function $fetch(url, options) {
+    const opts = __spreadProps(__spreadValues(__spreadValues({}, config), options), {
+      plugins: [...(config == null ? undefined : config.plugins) || [], applySchemaPlugin(config || {}), ...(options == null ? undefined : options.plugins) || []]
+    });
+    if (config == null ? undefined : config.catchAllError) {
+      try {
+        return await betterFetch(url, opts);
+      } catch (error) {
+        return {
+          data: null,
+          error: {
+            status: 500,
+            statusText: "Fetch Error",
+            message: "Fetch related error. Captured by catchAllError option. See error property for more details.",
+            error
+          }
+        };
+      }
+    }
+    return await betterFetch(url, opts);
+  }
+  return $fetch;
+};
+function getURL2(url, option) {
+  const { baseURL, params, query } = option || {
+    query: {},
+    params: {},
+    baseURL: ""
+  };
+  let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
+  if (url.startsWith("@")) {
+    const m = url.toString().split("@")[1].split("/")[0];
+    if (methods.includes(m)) {
+      url = url.replace(`@${m}/`, "/");
+    }
+  }
+  if (!basePath.endsWith("/"))
+    basePath += "/";
+  let [path, urlQuery] = url.replace(basePath, "").split("?");
+  const queryParams = new URLSearchParams(urlQuery);
+  for (const [key, value] of Object.entries(query || {})) {
+    if (value == null)
+      continue;
+    let serializedValue;
+    if (typeof value === "string") {
+      serializedValue = value;
+    } else if (Array.isArray(value)) {
+      for (const val of value) {
+        queryParams.append(key, val);
+      }
+      continue;
+    } else {
+      serializedValue = JSON.stringify(value);
+    }
+    queryParams.set(key, serializedValue);
+  }
+  if (params) {
+    if (Array.isArray(params)) {
+      const paramPaths = path.split("/").filter((p) => p.startsWith(":"));
+      for (const [index, key] of paramPaths.entries()) {
+        const value = params[index];
+        path = path.replace(key, value);
+      }
+    } else {
+      for (const [key, value] of Object.entries(params)) {
+        path = path.replace(`:${key}`, String(value));
+      }
+    }
+  }
+  path = path.split("/").map(encodeURIComponent).join("/");
+  if (path.startsWith("/"))
+    path = path.slice(1);
+  let queryParamString = queryParams.toString();
+  queryParamString = queryParamString.length > 0 ? `?${queryParamString}`.replace(/\+/g, "%20") : "";
+  if (!basePath.startsWith("http")) {
+    return `${basePath}${path}${queryParamString}`;
+  }
+  const _url = new URL(`${path}${queryParamString}`, basePath);
+  return _url;
 }
-async function computeChallenge(verifier) {
+var betterFetch = async (url, options) => {
+  var _a, _b, _c, _d, _e, _f, _g, _h;
+  const {
+    hooks,
+    url: __url,
+    options: opts
+  } = await initializePlugins(url, options);
+  const fetch2 = getFetch(opts);
+  const controller = new AbortController;
+  const signal = (_a = opts.signal) != null ? _a : controller.signal;
+  const _url = getURL2(__url, opts);
+  const body = getBody(opts);
+  const headers = await getHeaders(opts);
+  const method = getMethod(__url, opts);
+  let context = __spreadProps(__spreadValues({}, opts), {
+    url: _url,
+    headers,
+    body,
+    method,
+    signal
+  });
+  for (const onRequest of hooks.onRequest) {
+    if (onRequest) {
+      const res = await onRequest(context);
+      if (typeof res === "object" && res !== null) {
+        context = res;
+      }
+    }
+  }
+  if ("pipeTo" in context && typeof context.pipeTo === "function" || typeof ((_b = options == null ? undefined : options.body) == null ? undefined : _b.pipe) === "function") {
+    if (!("duplex" in context)) {
+      context.duplex = "half";
+    }
+  }
+  const { clearTimeout: clearTimeout2 } = getTimeout(opts, controller);
+  let response = await fetch2(context.url, context);
+  clearTimeout2();
+  const responseContext = {
+    response,
+    request: context
+  };
+  for (const onResponse of hooks.onResponse) {
+    if (onResponse) {
+      const r6 = await onResponse(__spreadProps(__spreadValues({}, responseContext), {
+        response: ((_c = options == null ? undefined : options.hookOptions) == null ? undefined : _c.cloneResponse) ? response.clone() : response
+      }));
+      if (r6 instanceof Response) {
+        response = r6;
+      } else if (typeof r6 === "object" && r6 !== null) {
+        response = r6.response;
+      }
+    }
+  }
+  if (response.ok) {
+    const hasBody = context.method !== "HEAD";
+    if (!hasBody) {
+      return {
+        data: "",
+        error: null
+      };
+    }
+    const responseType = detectResponseType(response);
+    const successContext = {
+      data: null,
+      response,
+      request: context
+    };
+    if (responseType === "json" || responseType === "text") {
+      const text = await response.text();
+      const parser2 = (_d = context.jsonParser) != null ? _d : jsonParse;
+      successContext.data = await parser2(text);
+    } else {
+      successContext.data = await response[responseType]();
+    }
+    if (context == null ? undefined : context.output) {
+      if (context.output && !context.disableValidation) {
+        successContext.data = await parseStandardSchema(context.output, successContext.data);
+      }
+    }
+    for (const onSuccess of hooks.onSuccess) {
+      if (onSuccess) {
+        await onSuccess(__spreadProps(__spreadValues({}, successContext), {
+          response: ((_e = options == null ? undefined : options.hookOptions) == null ? undefined : _e.cloneResponse) ? response.clone() : response
+        }));
+      }
+    }
+    if (options == null ? undefined : options.throw) {
+      return successContext.data;
+    }
+    return {
+      data: successContext.data,
+      error: null
+    };
+  }
+  const parser = (_f = options == null ? undefined : options.jsonParser) != null ? _f : jsonParse;
+  const responseText = await response.text();
+  const isJSONResponse = isJSONParsable(responseText);
+  const errorObject = isJSONResponse ? await parser(responseText) : null;
+  const errorContext = {
+    response,
+    responseText,
+    request: context,
+    error: __spreadProps(__spreadValues({}, errorObject), {
+      status: response.status,
+      statusText: response.statusText
+    })
+  };
+  for (const onError of hooks.onError) {
+    if (onError) {
+      await onError(__spreadProps(__spreadValues({}, errorContext), {
+        response: ((_g = options == null ? undefined : options.hookOptions) == null ? undefined : _g.cloneResponse) ? response.clone() : response
+      }));
+    }
+  }
+  if (options == null ? undefined : options.retry) {
+    const retryStrategy = createRetryStrategy(options.retry);
+    const _retryAttempt = (_h = options.retryAttempt) != null ? _h : 0;
+    if (await retryStrategy.shouldAttemptRetry(_retryAttempt, response)) {
+      for (const onRetry of hooks.onRetry) {
+        if (onRetry) {
+          await onRetry(responseContext);
+        }
+      }
+      const delay = retryStrategy.getDelay(_retryAttempt);
+      await new Promise((resolve) => setTimeout(resolve, delay));
+      return await betterFetch(url, __spreadProps(__spreadValues({}, options), {
+        retryAttempt: _retryAttempt + 1
+      }));
+    }
+  }
+  if (options == null ? undefined : options.throw) {
+    throw new BetterFetchError(response.status, response.statusText, isJSONResponse ? errorObject : responseText);
+  }
+  return {
+    data: null,
+    error: __spreadProps(__spreadValues({}, errorObject), {
+      status: response.status,
+      statusText: response.statusText
+    })
+  };
+};
+
+// ../../node_modules/better-auth/dist/client/config.mjs
+var resolvePublicAuthUrl = (basePath) => {
+  if (typeof process === "undefined")
+    return;
+  const path = basePath ?? "/api/auth";
+  if (process.env.NEXT_PUBLIC_AUTH_URL)
+    return process.env.NEXT_PUBLIC_AUTH_URL;
+  if (typeof window === "undefined") {
+    if (process.env.NEXTAUTH_URL)
+      try {
+        return process.env.NEXTAUTH_URL;
+      } catch {}
+    if (process.env.VERCEL_URL)
+      try {
+        const protocol = process.env.VERCEL_URL.startsWith("http") ? "" : "https://";
+        return `${new URL(`${protocol}${process.env.VERCEL_URL}`).origin}${path}`;
+      } catch {}
+  }
+};
+var getClientConfig = (options, loadEnv) => {
+  const isCredentialsSupported = "credentials" in Request.prototype;
+  const baseURL = getBaseURL(options?.baseURL, options?.basePath, undefined, loadEnv) ?? resolvePublicAuthUrl(options?.basePath) ?? "/api/auth";
+  const pluginsFetchPlugins = options?.plugins?.flatMap((plugin) => plugin.fetchPlugins).filter((pl) => pl !== undefined) || [];
+  const lifeCyclePlugin = {
+    id: "lifecycle-hooks",
+    name: "lifecycle-hooks",
+    hooks: {
+      onSuccess: options?.fetchOptions?.onSuccess,
+      onError: options?.fetchOptions?.onError,
+      onRequest: options?.fetchOptions?.onRequest,
+      onResponse: options?.fetchOptions?.onResponse
+    }
+  };
+  const { onSuccess: _onSuccess, onError: _onError, onRequest: _onRequest, onResponse: _onResponse, ...restOfFetchOptions } = options?.fetchOptions || {};
+  const $fetch = createFetch({
+    baseURL,
+    ...isCredentialsSupported ? { credentials: "include" } : {},
+    method: "GET",
+    jsonParser(text) {
+      if (!text)
+        return null;
+      return parseJSON(text, { strict: false });
+    },
+    customFetchImpl: fetch,
+    ...restOfFetchOptions,
+    plugins: [
+      lifeCyclePlugin,
+      ...restOfFetchOptions.plugins || [],
+      ...options?.disableDefaultFetchPlugins ? [] : [redirectPlugin],
+      ...pluginsFetchPlugins
+    ]
+  });
+  const { $sessionSignal, session, broadcastSessionUpdate } = getSessionAtom($fetch, options);
+  const plugins = options?.plugins || [];
+  let pluginsActions = {};
+  const pluginsAtoms = {
+    $sessionSignal,
+    session
+  };
+  const pluginPathMethods = {
+    "/sign-out": "POST",
+    "/revoke-sessions": "POST",
+    "/revoke-other-sessions": "POST",
+    "/delete-user": "POST"
+  };
+  const atomListeners = [{
+    signal: "$sessionSignal",
+    matcher(path) {
+      return path === "/sign-out" || path === "/update-user" || path === "/update-session" || path === "/sign-up/email" || path === "/sign-in/email" || path === "/delete-user" || path === "/verify-email" || path === "/revoke-sessions" || path === "/revoke-session" || path === "/change-email";
+    },
+    callback(path) {
+      if (path === "/sign-out")
+        broadcastSessionUpdate("signout");
+      else if (path === "/update-user" || path === "/update-session")
+        broadcastSessionUpdate("updateUser");
+    }
+  }];
+  for (const plugin of plugins) {
+    if (plugin.getAtoms)
+      Object.assign(pluginsAtoms, plugin.getAtoms?.($fetch));
+    if (plugin.pathMethods)
+      Object.assign(pluginPathMethods, plugin.pathMethods);
+    if (plugin.atomListeners)
+      atomListeners.push(...plugin.atomListeners);
+  }
+  const $store = {
+    notify: (signal) => {
+      pluginsAtoms[signal].set(!pluginsAtoms[signal].get());
+    },
+    listen: (signal, listener) => {
+      pluginsAtoms[signal].subscribe(listener);
+    },
+    atoms: pluginsAtoms
+  };
+  for (const plugin of plugins)
+    if (plugin.getActions)
+      pluginsActions = defu(plugin.getActions?.($fetch, $store, options) ?? {}, pluginsActions);
+  return {
+    get baseURL() {
+      return baseURL;
+    },
+    pluginsActions,
+    pluginsAtoms,
+    pluginPathMethods,
+    atomListeners,
+    $fetch,
+    $store
+  };
+};
+
+// ../../node_modules/better-auth/dist/utils/is-atom.mjs
+function isAtom(value) {
+  return typeof value === "object" && value !== null && "get" in value && typeof value.get === "function" && "lc" in value && typeof value.lc === "number";
+}
+
+// ../../node_modules/better-auth/dist/client/proxy.mjs
+function getMethod2(path, knownPathMethods, args) {
+  const method = knownPathMethods[path];
+  const { fetchOptions, query: _query, ...body } = args || {};
+  if (method)
+    return method;
+  if (fetchOptions?.method)
+    return fetchOptions.method;
+  if (body && Object.keys(body).length > 0)
+    return "POST";
+  return "GET";
+}
+function createDynamicPathProxy(routes, client, knownPathMethods, atoms, atomListeners) {
+  function createProxy(path = []) {
+    return new Proxy(function() {}, {
+      get(_, prop) {
+        if (typeof prop !== "string")
+          return;
+        if (prop === "then" || prop === "catch" || prop === "finally")
+          return;
+        const fullPath = [...path, prop];
+        let current = routes;
+        for (const segment of fullPath)
+          if (current && typeof current === "object" && segment in current)
+            current = current[segment];
+          else {
+            current = undefined;
+            break;
+          }
+        if (typeof current === "function")
+          return current;
+        if (isAtom(current))
+          return current;
+        return createProxy(fullPath);
+      },
+      apply: async (_, __, args) => {
+        const routePath = "/" + path.map((segment) => segment.replace(/[A-Z]/g, (letter) => `-${letter.toLowerCase()}`)).join("/");
+        const arg = args[0] || {};
+        const fetchOptions = args[1] || {};
+        const { query, fetchOptions: argFetchOptions, ...body } = arg;
+        const options = {
+          ...fetchOptions,
+          ...argFetchOptions
+        };
+        const method = getMethod2(routePath, knownPathMethods, arg);
+        return await client(routePath, {
+          ...options,
+          body: method === "GET" ? undefined : {
+            ...body,
+            ...options?.body || {}
+          },
+          query: query || options?.query,
+          method,
+          async onSuccess(context) {
+            await options?.onSuccess?.(context);
+            if (!atomListeners || options.disableSignal)
+              return;
+            const matches = atomListeners.filter((s6) => s6.matcher(routePath));
+            if (!matches.length)
+              return;
+            const visited = /* @__PURE__ */ new Set;
+            for (const match of matches) {
+              const signal = atoms[match.signal];
+              if (!signal)
+                return;
+              if (visited.has(match.signal))
+                continue;
+              visited.add(match.signal);
+              const val = signal.get();
+              setTimeout(() => {
+                signal.set(!val);
+              }, 10);
+              match.callback?.(routePath);
+            }
+          }
+        });
+      }
+    });
+  }
+  return createProxy();
+}
+
+// ../../node_modules/@better-auth/core/dist/utils/string.mjs
+function capitalizeFirstLetter(str) {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+
+// ../../node_modules/better-auth/dist/client/vanilla.mjs
+function createAuthClient(options) {
+  const { pluginPathMethods, pluginsActions, pluginsAtoms, $fetch, atomListeners, $store } = getClientConfig(options);
+  const resolvedHooks = {};
+  for (const [key, value] of Object.entries(pluginsAtoms))
+    resolvedHooks[`use${capitalizeFirstLetter(key)}`] = value;
+  return createDynamicPathProxy({
+    ...pluginsActions,
+    ...resolvedHooks,
+    $fetch,
+    $store
+  }, $fetch, pluginPathMethods, pluginsAtoms, atomListeners);
+}
+
+// ../../node_modules/better-auth/dist/plugins/organization/access/statement.mjs
+var defaultStatements2 = {
+  organization: ["update", "delete"],
+  member: [
+    "create",
+    "update",
+    "delete"
+  ],
+  invitation: ["create", "cancel"],
+  team: [
+    "create",
+    "update",
+    "delete"
+  ],
+  ac: [
+    "create",
+    "read",
+    "update",
+    "delete"
+  ]
+};
+var defaultAc2 = createAccessControl(defaultStatements2);
+var adminAc2 = defaultAc2.newRole({
+  organization: ["update"],
+  invitation: ["create", "cancel"],
+  member: [
+    "create",
+    "update",
+    "delete"
+  ],
+  team: [
+    "create",
+    "update",
+    "delete"
+  ],
+  ac: [
+    "create",
+    "read",
+    "update",
+    "delete"
+  ]
+});
+var ownerAc = defaultAc2.newRole({
+  organization: ["update", "delete"],
+  member: [
+    "create",
+    "update",
+    "delete"
+  ],
+  invitation: ["create", "cancel"],
+  team: [
+    "create",
+    "update",
+    "delete"
+  ],
+  ac: [
+    "create",
+    "read",
+    "update",
+    "delete"
+  ]
+});
+var memberAc = defaultAc2.newRole({
+  organization: [],
+  member: [],
+  invitation: [],
+  team: [],
+  ac: ["read"]
+});
+
+// ../../node_modules/better-auth/dist/plugins/phone-number/error-codes.mjs
+var PHONE_NUMBER_ERROR_CODES = defineErrorCodes({
+  INVALID_PHONE_NUMBER: "Invalid phone number",
+  PHONE_NUMBER_EXIST: "Phone number already exists",
+  PHONE_NUMBER_NOT_EXIST: "phone number isn't registered",
+  INVALID_PHONE_NUMBER_OR_PASSWORD: "Invalid phone number or password",
+  UNEXPECTED_ERROR: "Unexpected error",
+  OTP_NOT_FOUND: "OTP not found",
+  OTP_EXPIRED: "OTP expired",
+  INVALID_OTP: "Invalid OTP",
+  PHONE_NUMBER_NOT_VERIFIED: "Phone number not verified",
+  PHONE_NUMBER_CANNOT_BE_UPDATED: "Phone number cannot be updated",
+  SEND_OTP_NOT_IMPLEMENTED: "sendOTP not implemented",
+  TOO_MANY_ATTEMPTS: "Too many attempts"
+});
+
+// ../../node_modules/better-auth/dist/plugins/two-factor/error-code.mjs
+var TWO_FACTOR_ERROR_CODES = defineErrorCodes({
+  OTP_NOT_ENABLED: "OTP not enabled",
+  OTP_HAS_EXPIRED: "OTP has expired",
+  TOTP_NOT_ENABLED: "TOTP not enabled",
+  TWO_FACTOR_NOT_ENABLED: "Two factor isn't enabled",
+  BACKUP_CODES_NOT_ENABLED: "Backup codes aren't enabled",
+  INVALID_BACKUP_CODE: "Invalid backup code",
+  INVALID_CODE: "Invalid code",
+  TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE: "Too many attempts. Please request a new code.",
+  INVALID_TWO_FACTOR_COOKIE: "Invalid two factor cookie"
+});
+
+// ../../node_modules/better-auth/dist/plugins/username/error-codes.mjs
+var USERNAME_ERROR_CODES = defineErrorCodes({
+  INVALID_USERNAME_OR_PASSWORD: "Invalid username or password",
+  EMAIL_NOT_VERIFIED: "Email not verified",
+  UNEXPECTED_ERROR: "Unexpected error",
+  USERNAME_IS_ALREADY_TAKEN: "Username is already taken. Please try another.",
+  USERNAME_TOO_SHORT: "Username is too short",
+  USERNAME_TOO_LONG: "Username is too long",
+  INVALID_USERNAME: "Username is invalid",
+  INVALID_DISPLAY_USERNAME: "Display username is invalid"
+});
+
+// ../../node_modules/@sigma-auth/better-auth-plugin/dist/client/local-signer.js
+class LocalServerSigner {
+  baseUrl;
+  timeout;
+  accessToken = null;
+  currentBapId = null;
+  constructor(options = {}) {
+    this.baseUrl = options.baseUrl || "http://localhost:21000";
+    this.timeout = options.timeout || 5000;
+  }
+  async probe() {
+    try {
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), 500);
+      const res = await fetch(`${this.baseUrl}/api/status`, {
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+  async getStatus() {
+    try {
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      const res = await fetch(`${this.baseUrl}/api/status`, {
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok)
+        return null;
+      return await res.json();
+    } catch {
+      return null;
+    }
+  }
+  async authenticate(host, scopes = ["sign", "encrypt", "decrypt"], expiry = "1h") {
+    try {
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      const res = await fetch(`${this.baseUrl}/api/auth`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ host, scopes, expiry }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok)
+        return false;
+      const data = await res.json();
+      this.accessToken = data.accessToken;
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  isReady() {
+    return this.accessToken !== null;
+  }
+  setIdentity(bapId) {
+    this.currentBapId = bapId;
+  }
+  getIdentity() {
+    return this.currentBapId;
+  }
+  async sign(path, body, signatureType = "brc77") {
+    if (!this.accessToken) {
+      throw new Error("Not authenticated. Call authenticate() first.");
+    }
+    const controller = new AbortController;
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const res = await fetch(`${this.baseUrl}/api/sign`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.accessToken}`
+        },
+        body: JSON.stringify({
+          path,
+          body,
+          signatureType
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Sign request failed: ${error}`);
+      }
+      const data = await res.json();
+      return data.token;
+    } catch (err) {
+      clearTimeout(timeoutId);
+      throw err;
+    }
+  }
+  async signAIP(hexArray) {
+    if (!this.accessToken) {
+      throw new Error("Not authenticated. Call authenticate() first.");
+    }
+    const controller = new AbortController;
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const res = await fetch(`${this.baseUrl}/api/sign-aip`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.accessToken}`
+        },
+        body: JSON.stringify({ data: hexArray }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`AIP sign request failed: ${error}`);
+      }
+      const data = await res.json();
+      return data.signedOps;
+    } catch (err) {
+      clearTimeout(timeoutId);
+      throw err;
+    }
+  }
+  async encrypt(data, friendBapId, theirPublicKey) {
+    if (!this.accessToken) {
+      throw new Error("Not authenticated. Call authenticate() first.");
+    }
+    const controller = new AbortController;
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const res = await fetch(`${this.baseUrl}/api/encrypt`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.accessToken}`
+        },
+        body: JSON.stringify({
+          data,
+          friendBapId,
+          theirPublicKey
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Encrypt request failed: ${error}`);
+      }
+      const result = await res.json();
+      return result.ciphertext;
+    } catch (err) {
+      clearTimeout(timeoutId);
+      throw err;
+    }
+  }
+  async decrypt(ciphertext, friendBapId, theirPublicKey) {
+    if (!this.accessToken) {
+      throw new Error("Not authenticated. Call authenticate() first.");
+    }
+    const controller = new AbortController;
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const res = await fetch(`${this.baseUrl}/api/decrypt`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.accessToken}`
+        },
+        body: JSON.stringify({
+          ciphertext,
+          friendBapId,
+          theirPublicKey
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Decrypt request failed: ${error}`);
+      }
+      const result = await res.json();
+      return result.data;
+    } catch (err) {
+      clearTimeout(timeoutId);
+      throw err;
+    }
+  }
+  async getFriendPublicKey(friendBapId) {
+    if (!this.accessToken) {
+      throw new Error("Not authenticated. Call authenticate() first.");
+    }
+    const controller = new AbortController;
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const res = await fetch(`${this.baseUrl}/api/friend-pubkey`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.accessToken}`
+        },
+        body: JSON.stringify({ friendBapId }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Get friend public key failed: ${error}`);
+      }
+      const result = await res.json();
+      return result.publicKey;
+    } catch (err) {
+      clearTimeout(timeoutId);
+      throw err;
+    }
+  }
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  destroy() {
+    this.accessToken = null;
+    this.currentBapId = null;
+  }
+}
+
+// ../../node_modules/@sigma-auth/better-auth-plugin/dist/client/sigma-cwi.js
+var isRecord3 = (v) => typeof v === "object" && v !== null;
+var isResponse4 = (v) => isRecord3(v) && v.type === "CWI" && v.isInvocation === false && typeof v.id === "string";
+var isState3 = (v) => isRecord3(v) && v.type === "CWI" && isRecord3(v.cwiState);
+var createId3 = () => typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `${Date.now()}-${Math.random().toString(36).slice(2, 14)}`;
+var DEFAULT_TIMEOUT_MS = 30000;
+var HANDSHAKE_TIMEOUT_MS = 1e4;
+
+class SigmaCWISigner {
+  iframe = null;
+  pending = new Map;
+  initialized = false;
+  destroyed = false;
+  currentBapId = null;
+  sigmaUrl;
+  sigmaOrigin;
+  handshakeResolve = null;
+  handshakeReject = null;
+  handshakeComplete = false;
+  boundMessageHandler = null;
+  constructor(sigmaUrl) {
+    this.sigmaUrl = sigmaUrl;
+    this.sigmaOrigin = new URL(sigmaUrl).origin;
+  }
+  async init() {
+    if (typeof window === "undefined") {
+      throw new Error("SigmaCWISigner can only be used in browser");
+    }
+    if (this.initialized)
+      return;
+    this.iframe = document.createElement("iframe");
+    this.iframe.src = `${this.sigmaUrl}/signer`;
+    this.iframe.setAttribute("aria-hidden", "true");
+    this.iframe.style.cssText = `
+			position: fixed;
+			top: 0;
+			left: 0;
+			width: 0;
+			height: 0;
+			border: 0;
+			opacity: 0;
+			pointer-events: none;
+			z-index: 2147483647;
+		`;
+    document.body.appendChild(this.iframe);
+    this.boundMessageHandler = this.handleMessage.bind(this);
+    window.addEventListener("message", this.boundMessageHandler);
+    await this.waitForHandshake();
+    this.initialized = true;
+  }
+  waitForHandshake() {
+    if (this.handshakeComplete)
+      return Promise.resolve();
+    return new Promise((resolve, reject) => {
+      this.handshakeResolve = resolve;
+      this.handshakeReject = reject;
+      setTimeout(() => {
+        if (!this.handshakeComplete) {
+          this.handshakeReject?.(new Error("Sigma signer handshake timed out"));
+          this.handshakeResolve = null;
+          this.handshakeReject = null;
+        }
+      }, HANDSHAKE_TIMEOUT_MS);
+    });
+  }
+  handleMessage(event) {
+    if (this.destroyed)
+      return;
+    if (event.origin !== this.sigmaOrigin)
+      return;
+    const data = event.data;
+    if (isState3(data)) {
+      const { status, hasPermission: hasPermission2 } = data.cwiState;
+      if (status === "need_password" || hasPermission2) {
+        this.showIframe();
+      } else {
+        this.hideIframe();
+      }
+      if (!this.handshakeComplete) {
+        this.handshakeComplete = true;
+        this.handshakeResolve?.();
+        this.handshakeResolve = null;
+        this.handshakeReject = null;
+      }
+      if (status === "error") {
+        this.rejectAllPending(new Error("Signer error. Please sign in to Sigma Identity."));
+      }
+      return;
+    }
+    if (!isResponse4(data))
+      return;
+    const req = this.pending.get(data.id);
+    if (!req)
+      return;
+    this.pending.delete(data.id);
+    clearTimeout(req.timeout);
+    if (data.status === "error") {
+      req.reject(new Error(data.description ?? "CWI request failed"));
+    } else {
+      req.resolve(data.result);
+    }
+  }
+  showIframe() {
+    if (!this.iframe)
+      return;
+    this.iframe.style.width = "100%";
+    this.iframe.style.height = "100%";
+    this.iframe.style.opacity = "1";
+    this.iframe.style.pointerEvents = "auto";
+  }
+  hideIframe() {
+    if (!this.iframe)
+      return;
+    this.iframe.style.width = "0";
+    this.iframe.style.height = "0";
+    this.iframe.style.opacity = "0";
+    this.iframe.style.pointerEvents = "none";
+  }
+  sendCWI(call, args) {
+    if (this.destroyed) {
+      return Promise.reject(new Error("SigmaCWISigner has been destroyed"));
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      return Promise.reject(new Error("Sigma iframe not accessible"));
+    }
+    const id = createId3();
+    const request3 = {
+      type: "CWI",
+      isInvocation: true,
+      id,
+      call,
+      args
+    };
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pending.delete(id);
+        reject(new Error(`CWI request timed out: ${call}`));
+      }, DEFAULT_TIMEOUT_MS);
+      this.pending.set(id, {
+        resolve,
+        reject,
+        timeout
+      });
+      contentWindow.postMessage(request3, this.sigmaOrigin);
+    });
+  }
+  sendCustomMessage(type, payload) {
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow)
+      return;
+    contentWindow.postMessage({ type, payload }, this.sigmaOrigin);
+  }
+  ensureIdentity() {
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+  }
+  async ensureReady() {
+    if (!this.initialized) {
+      await this.init();
+    }
+    this.ensureIdentity();
+    this.sendCustomMessage("SET_IDENTITY", { bapId: this.currentBapId });
+  }
+  setIdentity(bapId) {
+    this.currentBapId = bapId;
+    if (this.initialized && this.iframe?.contentWindow) {
+      this.sendCustomMessage("SET_IDENTITY", { bapId });
+    }
+  }
+  getIdentity() {
+    return this.currentBapId;
+  }
+  async sign(requestPath, body, signatureType = "brc77") {
+    await this.ensureReady();
+    return this.sendCWI("signAuthToken", {
+      requestPath,
+      body,
+      signatureType
+    });
+  }
+  async signAIP(hexArray) {
+    await this.ensureReady();
+    return this.sendCWI("signAIP", { hexArray });
+  }
+  async encrypt(data, friendBapId, theirPublicKey) {
+    await this.ensureReady();
+    const result = await this.sendCWI("encrypt", {
+      plaintext: new TextEncoder().encode(data),
+      protocolID: [2, "sigma-encrypt"],
+      keyID: friendBapId,
+      counterparty: theirPublicKey
+    });
+    return btoa(String.fromCharCode(...new Uint8Array(Object.values(result.ciphertext))));
+  }
+  async decrypt(ciphertext, friendBapId, theirPublicKey) {
+    await this.ensureReady();
+    const ciphertextBytes = Uint8Array.from(atob(ciphertext), (c) => c.charCodeAt(0));
+    const result = await this.sendCWI("decrypt", {
+      ciphertext: ciphertextBytes,
+      protocolID: [2, "sigma-encrypt"],
+      keyID: friendBapId,
+      counterparty: theirPublicKey
+    });
+    return new TextDecoder().decode(new Uint8Array(Object.values(result.plaintext)));
+  }
+  async getFriendPublicKey(friendBapId) {
+    await this.ensureReady();
+    const result = await this.sendCWI("getPublicKey", {
+      protocolID: [2, "sigma-encrypt"],
+      keyID: friendBapId
+    });
+    return result.publicKey;
+  }
+  isReady() {
+    return this.initialized && !this.destroyed && this.iframe !== null;
+  }
+  destroy() {
+    if (this.destroyed)
+      return;
+    this.destroyed = true;
+    if (this.boundMessageHandler) {
+      window.removeEventListener("message", this.boundMessageHandler);
+      this.boundMessageHandler = null;
+    }
+    this.rejectAllPending(new Error("Signer destroyed"));
+    if (this.iframe?.parentNode) {
+      this.iframe.parentNode.removeChild(this.iframe);
+    }
+    this.iframe = null;
+    this.initialized = false;
+  }
+  rejectAllPending(error) {
+    for (const [, req] of this.pending) {
+      clearTimeout(req.timeout);
+      req.reject(error);
+    }
+    this.pending.clear();
+  }
+}
+// ../../node_modules/@sigma-auth/better-auth-plugin/dist/client/signer.js
+class SigmaIframeSigner {
+  iframe = null;
+  pendingRequests = new Map;
+  pendingAIPRequests = new Map;
+  pendingEncryptRequests = new Map;
+  pendingDecryptRequests = new Map;
+  pendingGetFriendPubkeyRequests = new Map;
+  pendingWalletKeyRequests = new Map;
+  initialized = false;
+  boundMessageHandler = null;
+  currentBapId = null;
+  sigmaUrl;
+  constructor(sigmaUrl) {
+    this.sigmaUrl = sigmaUrl;
+  }
+  async init() {
+    if (typeof window === "undefined") {
+      throw new Error("SigmaIframeSigner can only be used in browser");
+    }
+    if (this.initialized)
+      return;
+    this.iframe = document.createElement("iframe");
+    this.iframe.src = `${this.sigmaUrl}/signer`;
+    this.iframe.style.cssText = `
+			position: fixed;
+			inset: 0;
+			width: 100vw;
+			height: 100vh;
+			border: none;
+			background: transparent;
+			z-index: 10000;
+			display: none;
+			pointer-events: auto;
+		`;
+    document.body.appendChild(this.iframe);
+    this.boundMessageHandler = this.handleMessage.bind(this);
+    window.addEventListener("message", this.boundMessageHandler);
+    const iframe = this.iframe;
+    await new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => reject(new Error("Sigma iframe load timeout")), 1e4);
+      iframe.addEventListener("load", () => {
+        clearTimeout(timeout);
+        this.initialized = true;
+        resolve();
+      });
+      iframe.addEventListener("error", () => {
+        clearTimeout(timeout);
+        reject(new Error("Failed to load Sigma iframe"));
+      });
+    });
+  }
+  setIdentity(bapId) {
+    this.currentBapId = bapId;
+    if (this.initialized && this.iframe?.contentWindow) {
+      this.iframe.contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId } }, this.sigmaUrl);
+    }
+  }
+  async sign(requestPath, body, signatureType = "brc77") {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `req_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    const request3 = {
+      requestId,
+      requestPath,
+      signatureType
+    };
+    if (body) {
+      request3.body = body;
+      request3.bodyEncoding = "utf8";
+    }
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingRequests.delete(requestId);
+        reject(new Error("Signature request timeout"));
+      }, 30000);
+      this.pendingRequests.set(requestId, { resolve, reject, timeout });
+      contentWindow.postMessage({ type: "SIGN_REQUEST", payload: request3 }, this.sigmaUrl);
+    });
+  }
+  async signAIP(hexArray) {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `aip_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    const request3 = {
+      requestId,
+      hexArray
+    };
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingAIPRequests.delete(requestId);
+        reject(new Error("AIP signature request timeout"));
+      }, 30000);
+      this.pendingAIPRequests.set(requestId, { resolve, reject, timeout });
+      contentWindow.postMessage({ type: "SIGN_AIP_REQUEST", payload: request3 }, this.sigmaUrl);
+    });
+  }
+  async encrypt(data, friendBapId, counterPartyPublicKey) {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `enc_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    const request3 = {
+      requestId,
+      data,
+      friendBapId,
+      counterPartyPublicKey
+    };
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingEncryptRequests.delete(requestId);
+        reject(new Error("Encryption request timeout"));
+      }, 30000);
+      this.pendingEncryptRequests.set(requestId, { resolve, reject, timeout });
+      contentWindow.postMessage({ type: "ENCRYPT_REQUEST", payload: request3 }, this.sigmaUrl);
+    });
+  }
+  async decrypt(ciphertext, friendBapId, counterPartyPublicKey) {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `dec_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    const request3 = {
+      requestId,
+      ciphertext,
+      friendBapId,
+      counterPartyPublicKey
+    };
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingDecryptRequests.delete(requestId);
+        reject(new Error("Decryption request timeout"));
+      }, 30000);
+      this.pendingDecryptRequests.set(requestId, { resolve, reject, timeout });
+      contentWindow.postMessage({ type: "DECRYPT_REQUEST", payload: request3 }, this.sigmaUrl);
+    });
+  }
+  async getFriendPublicKey(friendBapId) {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `pubkey_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    const request3 = {
+      requestId,
+      friendBapId
+    };
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingGetFriendPubkeyRequests.delete(requestId);
+        reject(new Error("Get friend public key request timeout"));
+      }, 30000);
+      this.pendingGetFriendPubkeyRequests.set(requestId, {
+        resolve,
+        reject,
+        timeout
+      });
+      contentWindow.postMessage({ type: "GET_FRIEND_PUBKEY_REQUEST", payload: request3 }, this.sigmaUrl);
+    });
+  }
+  async getWalletKey() {
+    if (!this.initialized) {
+      await this.init();
+    }
+    if (!this.currentBapId) {
+      throw new Error("No identity set. Call setIdentity() first.");
+    }
+    const contentWindow = this.iframe?.contentWindow;
+    if (!contentWindow) {
+      throw new Error("Sigma iframe not accessible");
+    }
+    contentWindow.postMessage({ type: "SET_IDENTITY", payload: { bapId: this.currentBapId } }, this.sigmaUrl);
+    const requestId = `wkey_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pendingWalletKeyRequests.delete(requestId);
+        reject(new Error("Wallet key request timeout"));
+      }, 30000);
+      this.pendingWalletKeyRequests.set(requestId, {
+        resolve,
+        reject,
+        timeout
+      });
+      contentWindow.postMessage({ type: "GET_WALLET_KEY_REQUEST", payload: { requestId } }, this.sigmaUrl);
+    });
+  }
+  handleMessage(event) {
+    if (event.origin !== this.sigmaUrl) {
+      return;
+    }
+    const { type, payload } = event.data || {};
+    switch (type) {
+      case "WALLET_LOCKED":
+        if (this.iframe) {
+          this.iframe.style.display = "block";
+        }
+        break;
+      case "WALLET_UNLOCKED":
+        if (this.iframe) {
+          this.iframe.style.display = "none";
+        }
+        break;
+      case "SIGNER_ERROR": {
+        if (this.iframe) {
+          this.iframe.style.display = "none";
+        }
+        const errorMsg = event.data.error || "Signer error";
+        this.rejectAllPending(new Error(`Signer error: ${errorMsg}. Please sign in to Sigma Identity.`));
+        break;
+      }
+      case "SIGN_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else {
+            pending.resolve(response.authToken);
+          }
+        }
+        break;
+      }
+      case "SIGN_AIP_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingAIPRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingAIPRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else if (response.signedOps) {
+            pending.resolve(response.signedOps);
+          } else {
+            pending.reject(new Error("No signed ops returned"));
+          }
+        }
+        break;
+      }
+      case "ENCRYPT_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingEncryptRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingEncryptRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else if (response.encrypted) {
+            pending.resolve(response.encrypted);
+          } else {
+            pending.reject(new Error("No encrypted data returned"));
+          }
+        }
+        break;
+      }
+      case "DECRYPT_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingDecryptRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingDecryptRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else if (response.decrypted !== undefined) {
+            pending.resolve(response.decrypted);
+          } else {
+            pending.reject(new Error("No decrypted data returned"));
+          }
+        }
+        break;
+      }
+      case "GET_FRIEND_PUBKEY_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingGetFriendPubkeyRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingGetFriendPubkeyRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else if (response.publicKey) {
+            pending.resolve(response.publicKey);
+          } else {
+            pending.reject(new Error("No public key returned"));
+          }
+        }
+        break;
+      }
+      case "GET_WALLET_KEY_RESPONSE": {
+        const response = payload;
+        const pending = this.pendingWalletKeyRequests.get(response.requestId);
+        if (pending) {
+          clearTimeout(pending.timeout);
+          this.pendingWalletKeyRequests.delete(response.requestId);
+          if (response.error) {
+            pending.reject(new Error(response.error));
+          } else if (response.encryptedWalletKey) {
+            pending.resolve(response.encryptedWalletKey);
+          } else {
+            pending.reject(new Error("No wallet key returned"));
+          }
+        }
+        break;
+      }
+    }
+  }
+  rejectAllPending(error) {
+    for (const [, pending] of this.pendingRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingRequests.clear();
+    for (const [, pending] of this.pendingAIPRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingAIPRequests.clear();
+    for (const [, pending] of this.pendingEncryptRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingEncryptRequests.clear();
+    for (const [, pending] of this.pendingDecryptRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingDecryptRequests.clear();
+    for (const [, pending] of this.pendingGetFriendPubkeyRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingGetFriendPubkeyRequests.clear();
+    for (const [, pending] of this.pendingWalletKeyRequests) {
+      clearTimeout(pending.timeout);
+      pending.reject(error);
+    }
+    this.pendingWalletKeyRequests.clear();
+  }
+  isReady() {
+    return this.initialized && this.iframe !== null;
+  }
+  getIdentity() {
+    return this.currentBapId;
+  }
+  destroy() {
+    if (this.iframe) {
+      document.body.removeChild(this.iframe);
+      this.iframe = null;
+    }
+    if (this.boundMessageHandler) {
+      window.removeEventListener("message", this.boundMessageHandler);
+      this.boundMessageHandler = null;
+    }
+    this.initialized = false;
+    this.rejectAllPending(new Error("Signer destroyed"));
+  }
+}
+// ../../node_modules/@sigma-auth/better-auth-plugin/dist/client/index.js
+var signer = null;
+var signerType = null;
+var storedBapId = null;
+var hasSessionListener = false;
+var BAP_ID_STORAGE_KEY = "sigma_bap_id";
+var getSigmaUrl = () => {
+  if (typeof process !== "undefined" && process.env.NEXT_PUBLIC_SIGMA_AUTH_URL) {
+    return process.env.NEXT_PUBLIC_SIGMA_AUTH_URL;
+  }
+  return "https://auth.sigmaidentity.com";
+};
+var getLocalServerUrl = () => {
+  if (typeof process !== "undefined" && process.env.NEXT_PUBLIC_TOKENPASS_URL) {
+    return process.env.NEXT_PUBLIC_TOKENPASS_URL;
+  }
+  return "http://localhost:21000";
+};
+var preferLocalServer = false;
+var localServerOptions = {};
+var serverDetectedCallback;
+var getOrCreateSigner = async () => {
+  if (signer?.isReady()) {
+    return signer;
+  }
+  if (preferLocalServer && signerType !== "iframe") {
+    const localSigner = new LocalServerSigner({
+      baseUrl: localServerOptions.baseUrl || getLocalServerUrl(),
+      timeout: localServerOptions.timeout
+    });
+    if (await localSigner.probe()) {
+      signer = localSigner;
+      signerType = "local";
+      serverDetectedCallback?.(localSigner.getBaseUrl(), true);
+      const host = typeof window !== "undefined" ? window.location.host : "localhost";
+      await localSigner.authenticate(host);
+      return signer;
+    }
+  }
+  if (!signer || signerType !== "iframe") {
+    const cwiSigner = new SigmaCWISigner(getSigmaUrl());
+    signer = cwiSigner;
+    signerType = "iframe";
+    serverDetectedCallback?.(getSigmaUrl(), false);
+  }
+  if (!signer.isReady()) {
+    await signer.init();
+  }
+  return signer;
+};
+var loadStoredBapId = () => {
+  if (typeof window === "undefined")
+    return null;
+  if (storedBapId)
+    return storedBapId;
+  const stored = localStorage.getItem(BAP_ID_STORAGE_KEY);
+  if (stored) {
+    storedBapId = stored;
+  }
+  return storedBapId;
+};
+var clearStoredIdentity = () => {
+  storedBapId = null;
+  if (typeof window !== "undefined") {
+    localStorage.removeItem(BAP_ID_STORAGE_KEY);
+  }
+  if (signer) {
+    signer.destroy();
+    signer = null;
+    signerType = null;
+  }
+};
+var generateCodeVerifier = () => {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return btoa(String.fromCharCode(...array)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+};
+var generateCodeChallenge = async (verifier) => {
   const encoder = new TextEncoder;
   const data = encoder.encode(verifier);
   const hash = await crypto.subtle.digest("SHA-256", data);
-  return base64UrlEncode(new Uint8Array(hash));
-}
-async function initiateSigmaOAuth(config) {
-  const callbackURL = config.callbackURL ?? "/auth/sigma/callback";
-  const scopes = config.scopes ?? ["openid", "profile"];
-  const verifier = generateVerifier();
-  const challenge = await computeChallenge(verifier);
-  const state = generateState();
-  sessionStorage.setItem(VERIFIER_KEY, verifier);
-  sessionStorage.setItem(STATE_KEY, state);
-  const redirectUri = new URL(callbackURL, window.location.origin).toString();
-  const params = new URLSearchParams({
-    response_type: "code",
-    client_id: config.clientId,
-    redirect_uri: redirectUri,
-    state,
-    code_challenge: challenge,
-    code_challenge_method: "S256",
-    scope: scopes.join(" ")
+  return btoa(String.fromCharCode(...new Uint8Array(hash))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+};
+var sigmaClient = (options = {}) => {
+  preferLocalServer = options.preferLocal ?? false;
+  localServerOptions = {
+    baseUrl: options.localServerUrl,
+    timeout: options.localServerTimeout
+  };
+  serverDetectedCallback = options.onServerDetected;
+  return {
+    id: "sigma",
+    getActions: ($fetch, $store) => {
+      if (typeof window !== "undefined" && (options.clearIdentityOnSignOut ?? true) && !hasSessionListener) {
+        const store = $store;
+        const sessionAtom = store.atoms?.session;
+        if (sessionAtom?.get && sessionAtom.listen) {
+          hasSessionListener = true;
+          let hadSession = !!sessionAtom.get()?.data;
+          sessionAtom.listen((value) => {
+            const hasSession = !!value?.data;
+            if (hadSession && !hasSession) {
+              clearStoredIdentity();
+            }
+            hadSession = hasSession;
+          });
+        }
+      }
+      return {
+        subscription: {
+          getStatus: async () => {
+            const res = await $fetch("/subscription/status", {
+              method: "GET"
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to fetch subscription status");
+            }
+            return res.data;
+          },
+          hasTier: (currentTier, requiredTier) => {
+            const tierPriority = {
+              free: 0,
+              plus: 1,
+              pro: 2,
+              premium: 3,
+              enterprise: 4
+            };
+            return tierPriority[currentTier] >= tierPriority[requiredTier];
+          }
+        },
+        wallet: {
+          getConnected: async (bapId) => {
+            const url = bapId ? `/wallet/connect?bapId=${encodeURIComponent(bapId)}` : "/wallet/connect";
+            const res = await $fetch(url, {
+              method: "GET"
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to fetch connected wallets");
+            }
+            return res.data;
+          },
+          connect: async (bapId, authToken, provider = "yours") => {
+            const res = await $fetch("/wallet/connect", {
+              method: "POST",
+              body: {
+                bapId,
+                authToken,
+                provider
+              }
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to connect wallet");
+            }
+            return res.data;
+          },
+          disconnect: async (bapId, address) => {
+            const res = await $fetch(`/wallet/connect?bapId=${encodeURIComponent(bapId)}&address=${encodeURIComponent(address)}`, {
+              method: "DELETE"
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to disconnect wallet");
+            }
+            return res.data;
+          },
+          setPrimary: async (bapId, walletAddress) => {
+            const res = await $fetch("/wallet/set-primary", {
+              method: "POST",
+              body: {
+                bapId,
+                walletAddress
+              }
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to set primary wallet");
+            }
+            return res.data;
+          }
+        },
+        nft: {
+          list: async (refresh = false) => {
+            const url = refresh ? "/wallet/nfts?refresh=true" : "/wallet/nfts";
+            const res = await $fetch(url, {
+              method: "GET"
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to fetch NFTs");
+            }
+            return res.data;
+          },
+          verifyOwnership: async (params) => {
+            const res = await $fetch("/wallet/verify-ownership", {
+              method: "POST",
+              body: params
+            });
+            if (res.error) {
+              throw new Error(res.error.message || "Failed to verify NFT ownership");
+            }
+            return res.data;
+          }
+        },
+        signIn: {
+          sigma: async (signInOptions, fetchOptions) => {
+            if (signInOptions?.authToken) {
+              const res = await $fetch("/sign-in/sigma", {
+                ...fetchOptions,
+                method: "POST",
+                body: {},
+                headers: {
+                  ...fetchOptions?.headers,
+                  "X-Auth-Token": signInOptions.authToken
+                }
+              });
+              return res;
+            }
+            if ($store && !signInOptions?.forceLogin) {
+              const sessionAtom = $store.session;
+              if (sessionAtom) {
+                const currentSession = sessionAtom.get();
+                if (currentSession.data) {
+                  return { data: currentSession, error: null };
+                }
+              }
+            }
+            if (!signInOptions?.clientId) {
+              throw new Error("[Sigma Auth] clientId is required for OAuth flow. " + "Pass clientId in signIn.sigma({ clientId: 'your-app', ... }) or set NEXT_PUBLIC_SIGMA_CLIENT_ID environment variable.");
+            }
+            const state = Math.random().toString(36).substring(7);
+            const codeVerifier = generateCodeVerifier();
+            const codeChallenge = await generateCodeChallenge(codeVerifier);
+            if (typeof window !== "undefined") {
+              sessionStorage.setItem("sigma_oauth_state", state);
+              sessionStorage.setItem("sigma_code_verifier", codeVerifier);
+              if (signInOptions?.errorCallbackURL) {
+                sessionStorage.setItem("sigma_error_callback", signInOptions.errorCallbackURL);
+              } else {
+                sessionStorage.removeItem("sigma_error_callback");
+              }
+            }
+            const authUrl = getSigmaUrl();
+            const origin = typeof window !== "undefined" ? window.location.origin : "";
+            const callbackPath = signInOptions?.callbackURL || "/auth/sigma/callback";
+            const redirectUri = callbackPath.startsWith("http") ? callbackPath : `${origin}${callbackPath.startsWith("/") ? callbackPath : `/${callbackPath}`}`;
+            if (typeof window !== "undefined") {
+              sessionStorage.setItem("sigma_redirect_uri", redirectUri);
+            }
+            const params = new URLSearchParams({
+              client_id: signInOptions.clientId,
+              redirect_uri: redirectUri,
+              response_type: "code",
+              state,
+              scope: "openid profile",
+              code_challenge: codeChallenge,
+              code_challenge_method: "S256"
+            });
+            if (signInOptions?.provider) {
+              params.append("provider", signInOptions.provider);
+            }
+            if (signInOptions?.prompt) {
+              params.append("prompt", signInOptions.prompt);
+            }
+            if (signInOptions?.bapId) {
+              params.append("bapId", signInOptions.bapId);
+              params.append("bap_id", signInOptions.bapId);
+            }
+            const fullAuthUrl = `${authUrl}/oauth2/authorize?${params.toString()}`;
+            if (typeof window !== "undefined") {
+              window.location.href = fullAuthUrl;
+            }
+            return new Promise(() => {});
+          }
+        },
+        sigma: {
+          handleCallback: async (searchParams) => {
+            const error = searchParams.get("error");
+            if (error) {
+              const errorDescription = searchParams.get("error_description");
+              throw {
+                title: "Authentication Error",
+                message: errorDescription || error || "An unknown error occurred during authentication."
+              };
+            }
+            const code2 = searchParams.get("code");
+            const state = searchParams.get("state");
+            if (!code2) {
+              throw {
+                title: "Missing Authorization Code",
+                message: "The authorization code was not received from the authentication server."
+              };
+            }
+            const savedState = typeof window !== "undefined" ? sessionStorage.getItem("sigma_oauth_state") : null;
+            if (state !== savedState) {
+              if (typeof window !== "undefined") {
+                sessionStorage.removeItem("sigma_oauth_state");
+              }
+              throw {
+                title: "Security Error",
+                message: "Invalid state parameter. Please try signing in again."
+              };
+            }
+            if (typeof window !== "undefined") {
+              sessionStorage.removeItem("sigma_oauth_state");
+            }
+            const codeVerifier = typeof window !== "undefined" ? sessionStorage.getItem("sigma_code_verifier") || undefined : undefined;
+            const storedRedirectUri = typeof window !== "undefined" ? sessionStorage.getItem("sigma_redirect_uri") || undefined : undefined;
+            const isCrossDomain = typeof window !== "undefined" && new URL(getSigmaUrl()).host !== window.location.host;
+            try {
+              let data;
+              if (isCrossDomain) {
+                const response = await fetch("/api/auth/sigma/callback", {
+                  method: "POST",
+                  headers: { "Content-Type": "application/json" },
+                  body: JSON.stringify({
+                    code: code2,
+                    state,
+                    code_verifier: codeVerifier,
+                    redirect_uri: storedRedirectUri
+                  })
+                });
+                if (!response.ok) {
+                  const errorData = await response.json().catch(() => ({}));
+                  throw {
+                    title: errorData.error || "Token Exchange Failed",
+                    message: errorData.details || `Server returned ${response.status}`
+                  };
+                }
+                data = await response.json();
+              } else {
+                const res = await $fetch("/sigma/callback", {
+                  method: "POST",
+                  body: {
+                    code: code2,
+                    state,
+                    code_verifier: codeVerifier,
+                    redirect_uri: storedRedirectUri
+                  }
+                });
+                if (res.error) {
+                  let errorMessage = "Failed to exchange authorization code for access token.";
+                  let errorTitle = "Token Exchange Failed";
+                  const errorData = res.error;
+                  const endpoint = errorData.endpoint || "unknown";
+                  const status = errorData.status || 500;
+                  if (errorData.details) {
+                    try {
+                      const nestedError = JSON.parse(errorData.details);
+                      if (nestedError.error_description) {
+                        errorMessage = nestedError.error_description;
+                      }
+                      if (nestedError.error === "invalid_client") {
+                        errorTitle = "Platform Not Registered";
+                        errorMessage = "This platform is not registered with the authentication server.";
+                      }
+                    } catch {
+                      errorMessage = errorData.details;
+                    }
+                  } else if (errorData.error) {
+                    errorMessage = errorData.error;
+                  }
+                  errorMessage += `
+
+Backend: ${status} (${endpoint})`;
+                  throw {
+                    title: errorTitle,
+                    message: errorMessage
+                  };
+                }
+                data = res.data;
+              }
+              const bapId = data.user?.bap_id;
+              if (bapId) {
+                storedBapId = bapId;
+                if (typeof window !== "undefined") {
+                  localStorage.setItem(BAP_ID_STORAGE_KEY, bapId);
+                }
+              }
+              if (typeof window !== "undefined") {
+                sessionStorage.removeItem("sigma_redirect_uri");
+                sessionStorage.removeItem("sigma_code_verifier");
+              }
+              return {
+                user: data.user,
+                access_token: data.access_token,
+                id_token: data.id_token,
+                refresh_token: data.refresh_token
+              };
+            } catch (err) {
+              if (typeof err === "object" && err !== null && "title" in err && "message" in err) {
+                throw err;
+              }
+              throw {
+                title: "Authentication Failed",
+                message: err instanceof Error ? err.message : "An unknown error occurred."
+              };
+            }
+          },
+          sign: async (requestPath, body, signatureType = "brc77") => {
+            const bapId = storedBapId || loadStoredBapId();
+            if (!bapId) {
+              throw new Error("No identity set. Complete OAuth login first or call setIdentity().");
+            }
+            const signerInstance = await getOrCreateSigner();
+            signerInstance.setIdentity(bapId);
+            const bodyString = body && typeof body === "object" ? JSON.stringify(body) : body;
+            return signerInstance.sign(requestPath, bodyString, signatureType);
+          },
+          signAIP: async (hexArray) => {
+            const bapId = storedBapId || loadStoredBapId();
+            if (!bapId) {
+              throw new Error("No identity set. Complete OAuth login first or call setIdentity().");
+            }
+            const signerInstance = await getOrCreateSigner();
+            signerInstance.setIdentity(bapId);
+            return signerInstance.signAIP(hexArray);
+          },
+          encrypt: async (data, friendBapId, theirPublicKey) => {
+            const bapId = storedBapId || loadStoredBapId();
+            if (!bapId) {
+              throw new Error("No identity set. Complete OAuth login first or call setIdentity().");
+            }
+            const signerInstance = await getOrCreateSigner();
+            signerInstance.setIdentity(bapId);
+            return signerInstance.encrypt(data, friendBapId, theirPublicKey);
+          },
+          decrypt: async (ciphertext, friendBapId, theirPublicKey) => {
+            const bapId = storedBapId || loadStoredBapId();
+            if (!bapId) {
+              throw new Error("No identity set. Complete OAuth login first or call setIdentity().");
+            }
+            const signerInstance = await getOrCreateSigner();
+            signerInstance.setIdentity(bapId);
+            return signerInstance.decrypt(ciphertext, friendBapId, theirPublicKey);
+          },
+          getFriendPublicKey: async (friendBapId) => {
+            const bapId = storedBapId || loadStoredBapId();
+            if (!bapId) {
+              throw new Error("No identity set. Complete OAuth login first or call setIdentity().");
+            }
+            const signerInstance = await getOrCreateSigner();
+            signerInstance.setIdentity(bapId);
+            return signerInstance.getFriendPublicKey(friendBapId);
+          },
+          getIdentity: () => {
+            return storedBapId || loadStoredBapId();
+          },
+          setIdentity: (bapId) => {
+            storedBapId = bapId;
+            if (typeof window !== "undefined") {
+              localStorage.setItem(BAP_ID_STORAGE_KEY, bapId);
+            }
+            if (signer) {
+              signer.setIdentity(bapId);
+            }
+          },
+          clearIdentity: () => {
+            clearStoredIdentity();
+          },
+          detectServer: async () => {
+            const localSigner = new LocalServerSigner({
+              baseUrl: localServerOptions.baseUrl || getLocalServerUrl(),
+              timeout: localServerOptions.timeout
+            });
+            if (await localSigner.probe()) {
+              return { url: localSigner.getBaseUrl(), isLocal: true };
+            }
+            return { url: getSigmaUrl(), isLocal: false };
+          },
+          getSignerType: () => {
+            return signerType;
+          },
+          getSigner: async () => {
+            return getOrCreateSigner();
+          },
+          isReady: () => {
+            const bapId = storedBapId || loadStoredBapId();
+            return !!bapId;
+          },
+          getErrorCallbackURL: () => {
+            if (typeof window === "undefined")
+              return "/auth/sigma/error";
+            return sessionStorage.getItem("sigma_error_callback") || "/auth/sigma/error";
+          },
+          redirectToError: (error) => {
+            if (typeof window === "undefined")
+              return;
+            const errorCallbackURL = sessionStorage.getItem("sigma_error_callback") || "/auth/sigma/error";
+            sessionStorage.removeItem("sigma_error_callback");
+            sessionStorage.removeItem("sigma_oauth_state");
+            sessionStorage.removeItem("sigma_code_verifier");
+            const errorUrl = new URL(errorCallbackURL, window.location.origin);
+            if (error && typeof error === "object" && "title" in error && "message" in error) {
+              const oauthError = error;
+              errorUrl.searchParams.set("error", oauthError.title);
+              errorUrl.searchParams.set("error_description", oauthError.message);
+            } else if (error instanceof Error) {
+              errorUrl.searchParams.set("error", "callback_error");
+              errorUrl.searchParams.set("error_description", error.message);
+            } else {
+              errorUrl.searchParams.set("error", "unknown_error");
+              errorUrl.searchParams.set("error_description", "An unknown error occurred");
+            }
+            window.location.href = errorUrl.toString();
+          }
+        }
+      };
+    }
+  };
+};
+
+// src/sigma-oauth.ts
+var SIGMA_URL = "https://auth.sigmaidentity.com";
+var baseAuthClient = createAuthClient({
+  baseURL: SIGMA_URL,
+  plugins: [sigmaClient()]
+});
+var sigmaAuthClient = baseAuthClient;
+async function initiateSigmaOAuth(config, options) {
+  await sigmaAuthClient.signIn.sigma({
+    clientId: config.clientId,
+    callbackURL: config.callbackURL ?? "/auth/sigma/callback",
+    ...options
   });
-  const authorizeUrl = `${SIGMA_URL}${SIGMA_AUTHORIZE_PATH}?${params.toString()}`;
-  window.location.href = authorizeUrl;
   return new Promise(() => {});
 }
-function isSigmaCallback(searchParams) {
-  const code2 = searchParams.get("code");
-  const state = searchParams.get("state");
-  const storedState = sessionStorage.getItem(STATE_KEY);
-  return !!(code2 && state && storedState && state === storedState);
-}
-async function completeSigmaOAuth(searchParams, serverCallbackUrl = "/api/auth/sigma/callback") {
-  const code2 = searchParams.get("code");
-  const state = searchParams.get("state");
-  const storedState = sessionStorage.getItem(STATE_KEY);
-  const verifier = sessionStorage.getItem(VERIFIER_KEY);
-  if (!code2 || !state) {
-    throw new Error("Missing OAuth callback parameters (code or state)");
-  }
-  if (!storedState || state !== storedState) {
-    throw new Error("OAuth state mismatch — possible CSRF attack");
-  }
-  if (!verifier) {
-    throw new Error("Missing PKCE verifier — OAuth flow was not initiated");
-  }
-  sessionStorage.removeItem(STATE_KEY);
-  sessionStorage.removeItem(VERIFIER_KEY);
-  const response = await fetch(serverCallbackUrl, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ code: code2, state, code_verifier: verifier })
-  });
-  if (!response.ok) {
-    const text = await response.text().catch(() => "");
-    throw new Error(`Sigma OAuth token exchange failed (${response.status}): ${text}`);
-  }
-  const result = await response.json();
+async function completeSigmaOAuth(searchParams) {
+  const result = await sigmaAuthClient.sigma.handleCallback(searchParams);
   const bapId = result.user?.bap_id;
   if (!bapId) {
     throw new Error("Sigma callback response missing bap_id");
@@ -115047,6 +118656,9 @@ async function completeSigmaOAuth(searchParams, serverCallbackUrl = "/api/auth/s
     accessToken: result.access_token ?? ""
   };
 }
+function setSigmaIdentity(bapId) {
+  sigmaAuthClient.sigma.setIdentity(bapId);
+}
 
 // src/connectWallet.ts
 var DEFAULT_ONESAT_URL = "https://1sat.market";
@@ -115054,6 +118666,7 @@ async function reconnectSigma(config, bapId) {
   const sigmaUrl = config.url ?? SIGMA_URL;
   const cwiConfig = { sigmaUrl };
   const { wallet: wallet6, destroy, sendCustomMessage } = createSigmaCWI(cwiConfig);
+  setSigmaIdentity(bapId);
   sendCustomMessage("SET_IDENTITY", { bapId });
   await wallet6.waitForAuthentication({});
   const { publicKey } = await wallet6.getPublicKey({ identityKey: true });
@@ -115178,7 +118791,7 @@ var DEFAULT_MOBILE_HANDSHAKE_TIMEOUT_MS = 900;
 var DEFAULT_DESKTOP_MAX_RETRIES = 2;
 var DEFAULT_MOBILE_MAX_RETRIES = 1;
 var REDIRECT_PENDING_KEY = "onesat:cwi:redirect:pending";
-var isRecord3 = (value) => typeof value === "object" && value !== null;
+var isRecord4 = (value) => typeof value === "object" && value !== null;
 var isLikelyMobileRuntime = () => {
   if (typeof navigator === "undefined")
     return false;
@@ -115191,7 +118804,7 @@ var isLikelyMobileRuntime = () => {
   const userAgent = navigator.userAgent ?? "";
   return /Android|iPhone|iPad|iPod|Mobile/i.test(userAgent);
 };
-var createId3 = () => {
+var createId4 = () => {
   if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
     return crypto.randomUUID();
   }
@@ -115250,16 +118863,16 @@ var normalizeState = (state) => ({
   reason: normalizeReason(state.reason)
 });
 var isCWIStateMessage = (value) => {
-  if (!isRecord3(value))
+  if (!isRecord4(value))
     return false;
   if (value.type !== "CWI")
     return false;
-  if (!isRecord3(value.cwiState))
+  if (!isRecord4(value.cwiState))
     return false;
   return true;
 };
 var isCWIResponseMessage = (value) => {
-  if (!isRecord3(value))
+  if (!isRecord4(value))
     return false;
   if (value.type !== "CWI")
     return false;
@@ -115271,7 +118884,7 @@ var isCWIResponseMessage = (value) => {
 };
 var toCWIError = (message) => new OneSatError(ErrorCodes.INTERNAL_ERROR, message.description ?? "Wallet request failed", { code: message.code });
 var extractErrorDescription = (value) => {
-  if (!isRecord3(value))
+  if (!isRecord4(value))
     return;
   const description = value.error_description;
   if (typeof description === "string" && description.length > 0) {
@@ -115469,7 +119082,7 @@ class EmbedTransport {
     if (!target) {
       throw new TransportUnavailableError("CWI iframe is not reachable");
     }
-    const requestId = createId3();
+    const requestId = createId4();
     const request3 = {
       type: "CWI",
       isInvocation: true,
@@ -115628,7 +119241,7 @@ class RedirectTransport {
       credentials: "omit"
     }, this.timeoutMs, () => new AuthorizationTimeoutError("authorize/init timed out"));
     const payload = await response.json().catch(() => ({}));
-    if (!response.ok || !isRecord3(payload)) {
+    if (!response.ok || !isRecord4(payload)) {
       const description = extractErrorDescription(payload) ?? "Failed to initialize redirect authorization";
       throw new OneSatError(ErrorCodes.INVALID_REQUEST, description, payload);
     }
@@ -115674,7 +119287,7 @@ class RedirectTransport {
       credentials: "omit"
     }, this.timeoutMs, () => new AuthorizationTimeoutError("token exchange timed out"));
     const payload = await response.json().catch(() => ({}));
-    if (!response.ok || !isRecord3(payload)) {
+    if (!response.ok || !isRecord4(payload)) {
       const description = extractErrorDescription(payload) ?? "Authorization code exchange failed";
       if (/already_consumed|replay|consumed/i.test(description)) {
         throw new CodeReplayError(description);
@@ -115784,7 +119397,7 @@ class AutoTransport {
   toFallbackReason(error) {
     if (error instanceof FallbackRequiredError) {
       const data = error.data;
-      if (isRecord3(data)) {
+      if (isRecord4(data)) {
         const reason = normalizeReason(data.reason);
         if (reason) {
           return reason;
@@ -115975,6 +119588,8 @@ export {
   walletLockedError,
   waitForOneSat,
   signRequest,
+  sigmaAuthClient,
+  setSigmaIdentity,
   sendResponse,
   sendErrorResponse,
   saveConnection,
@@ -115983,7 +119598,6 @@ export {
   parsePopupParams,
   loadConnection,
   isValidMessage,
-  isSigmaCallback,
   isResponse,
   isPopupContext,
   isOneSatInjected,